Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-26951 (GCVE-0-2020-26951)
Vulnerability from cvelistv5 – Published: 2020-12-09 00:19 – Updated: 2024-08-04 16:03
VLAI?
EPSS
Summary
A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
Severity ?
No CVSS data available.
CWE
- Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Affected:
< 83
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:03:22.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1667113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2020-50/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2020-52/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2020-51/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"status": "affected",
"version": "\u003c 83"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"status": "affected",
"version": "\u003c 78.5"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"status": "affected",
"version": "\u003c 78.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-09T00:19:43",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1667113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2020-50/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2020-52/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2020-51/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2020-26951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "\u003c 83"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "\u003c 78.5"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "\u003c 78.5"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1667113",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1667113"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2020-50/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2020-50/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2020-52/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2020-52/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2020-51/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2020-51/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2020-26951",
"datePublished": "2020-12-09T00:19:43",
"dateReserved": "2020-10-12T00:00:00",
"dateUpdated": "2024-08-04T16:03:22.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"83.0\", \"matchCriteriaId\": \"9385C808-43DD-4D02-B1A9-89A2E3986DF2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"78.5\", \"matchCriteriaId\": \"36160ED9-05B8-4E38-8C67-49EE1738AF8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"78.5\", \"matchCriteriaId\": \"C169EC17-3490-437D-A36B-40C3DE316175\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.\"}, {\"lang\": \"es\", \"value\": \"Un desajuste en el an\\u00e1lisis y la carga de eventos en el c\\u00f3digo SVG de Firefox podr\\u00eda haber permitido a unos eventos de carga dispararse, incluso despu\\u00e9s del saneamiento. Un atacante ya capaz de explotar una vulnerabilidad de tipo XSS en p\\u00e1ginas internas privilegiadas podr\\u00eda haber usado este ataque para omitir nuestro sanitizador incorporado. Esta vulnerabilidad afecta a Firefox versiones anteriores a 83, Firefox ESR versiones anteriores a 78.5, y Thunderbird versiones anteriores a 78.5\"}]",
"id": "CVE-2020-26951",
"lastModified": "2024-11-21T05:20:33.943",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2020-12-09T01:15:12.643",
"references": "[{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1667113\", \"source\": \"security@mozilla.org\", \"tags\": [\"Issue Tracking\", \"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2020-50/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2020-51/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2020-52/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1667113\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2020-50/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2020-51/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2020-52/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-26951\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2020-12-09T01:15:12.643\",\"lastModified\":\"2024-11-21T05:20:33.943\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.\"},{\"lang\":\"es\",\"value\":\"Un desajuste en el an\u00e1lisis y la carga de eventos en el c\u00f3digo SVG de Firefox podr\u00eda haber permitido a unos eventos de carga dispararse, incluso despu\u00e9s del saneamiento. Un atacante ya capaz de explotar una vulnerabilidad de tipo XSS en p\u00e1ginas internas privilegiadas podr\u00eda haber usado este ataque para omitir nuestro sanitizador incorporado. Esta vulnerabilidad afecta a Firefox versiones anteriores a 83, Firefox ESR versiones anteriores a 78.5, y Thunderbird versiones anteriores a 78.5\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"83.0\",\"matchCriteriaId\":\"9385C808-43DD-4D02-B1A9-89A2E3986DF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"78.5\",\"matchCriteriaId\":\"36160ED9-05B8-4E38-8C67-49EE1738AF8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"78.5\",\"matchCriteriaId\":\"C169EC17-3490-437D-A36B-40C3DE316175\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1667113\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2020-50/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2020-51/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2020-52/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1667113\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2020-50/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2020-51/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2020-52/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
RHSA-2020_5231
Vulnerability from csaf_redhat - Published: 2020-11-30 08:41 - Updated: 2024-11-22 16:03Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.5.0.
Security Fix(es):
* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.5.0.\n\nSecurity Fix(es):\n\n* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)\n\n* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)\n\n* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)\n\n* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)\n\n* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)\n\n* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)\n\n* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)\n\n* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)\n\n* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)\n\n* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5231",
"url": "https://access.redhat.com/errata/RHSA-2020:5231"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5231.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2024-11-22T16:03:14+00:00",
"generator": {
"date": "2024-11-22T16:03:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:5231",
"initial_release_date": "2020-11-30T08:41:55+00:00",
"revision_history": [
{
"date": "2020-11-30T08:41:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-30T08:41:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T16:03:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.1::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_1.x86_64",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_1.x86_64",
"product_id": "thunderbird-0:78.5.0-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64",
"product": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64",
"product_id": "thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.5.0-1.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el8_1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_1.ppc64le",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_1.ppc64le",
"product_id": "thunderbird-0:78.5.0-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"product": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"product_id": "thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.5.0-1.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el8_1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_1.src",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_1.src",
"product_id": "thunderbird-0:78.5.0-1.el8_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_1.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_1.src",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le"
},
"product_reference": "thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
},
"product_reference": "thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Aleksejs Popovs"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-16012",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898732"
}
],
"notes": [
{
"category": "description",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Variable time processing of cross-origin images during drawImage calls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "RHBZ#1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:41:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Variable time processing of cross-origin images during drawImage calls"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26951",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898731"
}
],
"notes": [
{
"category": "description",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "RHBZ#1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26951"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:41:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Abdulrahman Alqabandi"
],
"organization": "Microsoft Browser Vulnerability Research",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26953",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898733"
}
],
"notes": [
{
"category": "description",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen could be enabled without displaying the security UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "RHBZ#1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26953",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:41:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen could be enabled without displaying the security UI"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26956",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898734"
}
],
"notes": [
{
"category": "description",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: XSS through paste (manual and clipboard API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "RHBZ#1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:41:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: XSS through paste (manual and clipboard API)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Moti Harmats"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26958",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898735"
}
],
"notes": [
{
"category": "description",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "RHBZ#1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:41:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Bharadwaj Machiraju"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26959",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898736"
}
],
"notes": [
{
"category": "description",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRequestService",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "RHBZ#1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:41:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Use-after-free in WebRequestService"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Zijie Zhao"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26960",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898737"
}
],
"notes": [
{
"category": "description",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free in uses of nsTArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "RHBZ#1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:41:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Potential use-after-free in uses of nsTArray"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Gabriel Corona"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26961",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898738"
}
],
"notes": [
{
"category": "description",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: DoH did not filter IPv4 mapped IP Addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "RHBZ#1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:41:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: DoH did not filter IPv4 mapped IP Addresses"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Makoto Kato"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26965",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898739"
}
],
"notes": [
{
"category": "description",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Software keyboards may have remembered typed passwords",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "RHBZ#1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:41:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Software keyboards may have remembered typed passwords"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers and community"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26968",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898741"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "RHBZ#1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:41:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5"
}
]
}
RHSA-2020_5237
Vulnerability from csaf_redhat - Published: 2020-11-30 10:40 - Updated: 2024-11-22 16:03Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 78.5.0 ESR.
Security Fix(es):
* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.5.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)\n\n* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)\n\n* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)\n\n* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)\n\n* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)\n\n* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)\n\n* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)\n\n* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)\n\n* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)\n\n* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5237",
"url": "https://access.redhat.com/errata/RHSA-2020:5237"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5237.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2024-11-22T16:03:35+00:00",
"generator": {
"date": "2024-11-22T16:03:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:5237",
"initial_release_date": "2020-11-30T10:40:49+00:00",
"revision_history": [
{
"date": "2020-11-30T10:40:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-30T10:40:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T16:03:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_3.s390x",
"product": {
"name": "firefox-0:78.5.0-1.el8_3.s390x",
"product_id": "firefox-0:78.5.0-1.el8_3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_3.x86_64",
"product": {
"name": "firefox-0:78.5.0-1.el8_3.x86_64",
"product_id": "firefox-0:78.5.0-1.el8_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_3.x86_64",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_3.x86_64",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_3.ppc64le",
"product": {
"name": "firefox-0:78.5.0-1.el8_3.ppc64le",
"product_id": "firefox-0:78.5.0-1.el8_3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_3.aarch64",
"product": {
"name": "firefox-0:78.5.0-1.el8_3.aarch64",
"product_id": "firefox-0:78.5.0-1.el8_3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_3.src",
"product": {
"name": "firefox-0:78.5.0-1.el8_3.src",
"product_id": "firefox-0:78.5.0-1.el8_3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64"
},
"product_reference": "firefox-0:78.5.0-1.el8_3.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le"
},
"product_reference": "firefox-0:78.5.0-1.el8_3.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x"
},
"product_reference": "firefox-0:78.5.0-1.el8_3.s390x",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_3.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src"
},
"product_reference": "firefox-0:78.5.0-1.el8_3.src",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el8_3.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_3.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Aleksejs Popovs"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-16012",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898732"
}
],
"notes": [
{
"category": "description",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Variable time processing of cross-origin images during drawImage calls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "RHBZ#1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T10:40:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5237"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Variable time processing of cross-origin images during drawImage calls"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26951",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898731"
}
],
"notes": [
{
"category": "description",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "RHBZ#1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26951"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T10:40:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5237"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Abdulrahman Alqabandi"
],
"organization": "Microsoft Browser Vulnerability Research",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26953",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898733"
}
],
"notes": [
{
"category": "description",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen could be enabled without displaying the security UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "RHBZ#1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26953",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T10:40:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5237"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen could be enabled without displaying the security UI"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26956",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898734"
}
],
"notes": [
{
"category": "description",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: XSS through paste (manual and clipboard API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "RHBZ#1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T10:40:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5237"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: XSS through paste (manual and clipboard API)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Moti Harmats"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26958",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898735"
}
],
"notes": [
{
"category": "description",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "RHBZ#1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T10:40:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5237"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Bharadwaj Machiraju"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26959",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898736"
}
],
"notes": [
{
"category": "description",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRequestService",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "RHBZ#1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T10:40:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5237"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Use-after-free in WebRequestService"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Zijie Zhao"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26960",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898737"
}
],
"notes": [
{
"category": "description",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free in uses of nsTArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "RHBZ#1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T10:40:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5237"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Potential use-after-free in uses of nsTArray"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Gabriel Corona"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26961",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898738"
}
],
"notes": [
{
"category": "description",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: DoH did not filter IPv4 mapped IP Addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "RHBZ#1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T10:40:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5237"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: DoH did not filter IPv4 mapped IP Addresses"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Makoto Kato"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26965",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898739"
}
],
"notes": [
{
"category": "description",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Software keyboards may have remembered typed passwords",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "RHBZ#1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T10:40:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5237"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Software keyboards may have remembered typed passwords"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers and community"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26968",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898741"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "RHBZ#1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T10:40:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5237"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5"
}
]
}
RHSA-2020:5232
Vulnerability from csaf_redhat - Published: 2020-11-30 08:55 - Updated: 2025-11-21 18:18Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.5.0.
Security Fix(es):
* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.5.0.\n\nSecurity Fix(es):\n\n* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)\n\n* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)\n\n* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)\n\n* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)\n\n* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)\n\n* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)\n\n* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)\n\n* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)\n\n* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)\n\n* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5232",
"url": "https://access.redhat.com/errata/RHSA-2020:5232"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5232.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2025-11-21T18:18:46+00:00",
"generator": {
"date": "2025-11-21T18:18:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2020:5232",
"initial_release_date": "2020-11-30T08:55:51+00:00",
"revision_history": [
{
"date": "2020-11-30T08:55:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-30T08:55:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:18:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_2.x86_64",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_2.x86_64",
"product_id": "thunderbird-0:78.5.0-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64",
"product": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64",
"product_id": "thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.5.0-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el8_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_2.ppc64le",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_2.ppc64le",
"product_id": "thunderbird-0:78.5.0-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"product": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"product_id": "thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.5.0-1.el8_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el8_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_2.aarch64",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_2.aarch64",
"product_id": "thunderbird-0:78.5.0-1.el8_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"product": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"product_id": "thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.5.0-1.el8_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el8_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_2.src",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_2.src",
"product_id": "thunderbird-0:78.5.0-1.el8_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_2.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_2.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64"
},
"product_reference": "thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le"
},
"product_reference": "thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
},
"product_reference": "thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Aleksejs Popovs"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-16012",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898732"
}
],
"notes": [
{
"category": "description",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Variable time processing of cross-origin images during drawImage calls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "RHBZ#1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:55:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5232"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Variable time processing of cross-origin images during drawImage calls"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26951",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898731"
}
],
"notes": [
{
"category": "description",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "RHBZ#1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26951"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:55:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5232"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Abdulrahman Alqabandi"
],
"organization": "Microsoft Browser Vulnerability Research",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26953",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898733"
}
],
"notes": [
{
"category": "description",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen could be enabled without displaying the security UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "RHBZ#1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26953",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:55:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5232"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen could be enabled without displaying the security UI"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26956",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898734"
}
],
"notes": [
{
"category": "description",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: XSS through paste (manual and clipboard API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "RHBZ#1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:55:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5232"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: XSS through paste (manual and clipboard API)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Moti Harmats"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26958",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898735"
}
],
"notes": [
{
"category": "description",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "RHBZ#1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:55:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5232"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Bharadwaj Machiraju"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26959",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898736"
}
],
"notes": [
{
"category": "description",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRequestService",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "RHBZ#1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:55:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5232"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Use-after-free in WebRequestService"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Zijie Zhao"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26960",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898737"
}
],
"notes": [
{
"category": "description",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free in uses of nsTArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "RHBZ#1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:55:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5232"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Potential use-after-free in uses of nsTArray"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Gabriel Corona"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26961",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898738"
}
],
"notes": [
{
"category": "description",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: DoH did not filter IPv4 mapped IP Addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "RHBZ#1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:55:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5232"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: DoH did not filter IPv4 mapped IP Addresses"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Makoto Kato"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26965",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898739"
}
],
"notes": [
{
"category": "description",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Software keyboards may have remembered typed passwords",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "RHBZ#1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:55:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5232"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Software keyboards may have remembered typed passwords"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers and community"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26968",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898741"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "RHBZ#1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:55:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5232"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5"
}
]
}
RHSA-2020_5238
Vulnerability from csaf_redhat - Published: 2020-11-30 09:04 - Updated: 2024-11-22 16:03Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.5.0.
Security Fix(es):
* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.5.0.\n\nSecurity Fix(es):\n\n* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)\n\n* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)\n\n* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)\n\n* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)\n\n* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)\n\n* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)\n\n* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)\n\n* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)\n\n* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)\n\n* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5238",
"url": "https://access.redhat.com/errata/RHSA-2020:5238"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5238.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2024-11-22T16:03:28+00:00",
"generator": {
"date": "2024-11-22T16:03:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:5238",
"initial_release_date": "2020-11-30T09:04:11+00:00",
"revision_history": [
{
"date": "2020-11-30T09:04:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-30T09:04:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T16:03:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el6_10.i686",
"product": {
"name": "thunderbird-0:78.5.0-1.el6_10.i686",
"product_id": "thunderbird-0:78.5.0-1.el6_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el6_10?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el6_10.x86_64",
"product": {
"name": "thunderbird-0:78.5.0-1.el6_10.x86_64",
"product_id": "thunderbird-0:78.5.0-1.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el6_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el6_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el6_10.src",
"product": {
"name": "thunderbird-0:78.5.0-1.el6_10.src",
"product_id": "thunderbird-0:78.5.0-1.el6_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el6_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el6_10.ppc64",
"product": {
"name": "thunderbird-0:78.5.0-1.el6_10.ppc64",
"product_id": "thunderbird-0:78.5.0-1.el6_10.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el6_10?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el6_10?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el6_10.s390x",
"product": {
"name": "thunderbird-0:78.5.0-1.el6_10.s390x",
"product_id": "thunderbird-0:78.5.0-1.el6_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el6_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el6_10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.i686",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.src as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.src",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.i686",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.src",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.i686",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.src",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-6.10.z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Aleksejs Popovs"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-16012",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898732"
}
],
"notes": [
{
"category": "description",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Variable time processing of cross-origin images during drawImage calls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "RHBZ#1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:04:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5238"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Variable time processing of cross-origin images during drawImage calls"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26951",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898731"
}
],
"notes": [
{
"category": "description",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "RHBZ#1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26951"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:04:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5238"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Abdulrahman Alqabandi"
],
"organization": "Microsoft Browser Vulnerability Research",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26953",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898733"
}
],
"notes": [
{
"category": "description",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen could be enabled without displaying the security UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "RHBZ#1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26953",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:04:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5238"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen could be enabled without displaying the security UI"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26956",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898734"
}
],
"notes": [
{
"category": "description",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: XSS through paste (manual and clipboard API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "RHBZ#1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:04:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5238"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: XSS through paste (manual and clipboard API)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Moti Harmats"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26958",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898735"
}
],
"notes": [
{
"category": "description",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "RHBZ#1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:04:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5238"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Bharadwaj Machiraju"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26959",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898736"
}
],
"notes": [
{
"category": "description",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRequestService",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "RHBZ#1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:04:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5238"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Use-after-free in WebRequestService"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Zijie Zhao"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26960",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898737"
}
],
"notes": [
{
"category": "description",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free in uses of nsTArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "RHBZ#1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:04:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5238"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Potential use-after-free in uses of nsTArray"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Gabriel Corona"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26961",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898738"
}
],
"notes": [
{
"category": "description",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: DoH did not filter IPv4 mapped IP Addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "RHBZ#1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:04:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5238"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: DoH did not filter IPv4 mapped IP Addresses"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Makoto Kato"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26965",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898739"
}
],
"notes": [
{
"category": "description",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Software keyboards may have remembered typed passwords",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "RHBZ#1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:04:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5238"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Software keyboards may have remembered typed passwords"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers and community"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26968",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898741"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "RHBZ#1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:04:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5238"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5"
}
]
}
RHSA-2020_5257
Vulnerability from csaf_redhat - Published: 2020-11-30 19:50 - Updated: 2024-11-22 16:02Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 78.5.0 ESR.
Security Fix(es):
* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.5.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)\n\n* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)\n\n* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)\n\n* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)\n\n* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)\n\n* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)\n\n* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)\n\n* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)\n\n* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)\n\n* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5257",
"url": "https://access.redhat.com/errata/RHSA-2020:5257"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5257.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2024-11-22T16:02:42+00:00",
"generator": {
"date": "2024-11-22T16:02:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:5257",
"initial_release_date": "2020-11-30T19:50:18+00:00",
"revision_history": [
{
"date": "2020-11-30T19:50:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-30T19:50:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T16:02:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el6_10.i686",
"product": {
"name": "firefox-0:78.5.0-1.el6_10.i686",
"product_id": "firefox-0:78.5.0-1.el6_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el6_10?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el6_10.x86_64",
"product": {
"name": "firefox-0:78.5.0-1.el6_10.x86_64",
"product_id": "firefox-0:78.5.0-1.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el6_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"product_id": "firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el6_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el6_10.src",
"product": {
"name": "firefox-0:78.5.0-1.el6_10.src",
"product_id": "firefox-0:78.5.0-1.el6_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el6_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el6_10.ppc64",
"product": {
"name": "firefox-0:78.5.0-1.el6_10.ppc64",
"product_id": "firefox-0:78.5.0-1.el6_10.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el6_10?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"product_id": "firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el6_10?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el6_10.s390x",
"product": {
"name": "firefox-0:78.5.0-1.el6_10.s390x",
"product_id": "firefox-0:78.5.0-1.el6_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el6_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"product_id": "firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el6_10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.i686",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.src as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.src",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.src as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.src",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.i686",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.src as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.src",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.i686",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.src",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-6.10.z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Aleksejs Popovs"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-16012",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898732"
}
],
"notes": [
{
"category": "description",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Variable time processing of cross-origin images during drawImage calls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "RHBZ#1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T19:50:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5257"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Variable time processing of cross-origin images during drawImage calls"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26951",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898731"
}
],
"notes": [
{
"category": "description",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "RHBZ#1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26951"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T19:50:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5257"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Abdulrahman Alqabandi"
],
"organization": "Microsoft Browser Vulnerability Research",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26953",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898733"
}
],
"notes": [
{
"category": "description",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen could be enabled without displaying the security UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "RHBZ#1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26953",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T19:50:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5257"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen could be enabled without displaying the security UI"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26956",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898734"
}
],
"notes": [
{
"category": "description",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: XSS through paste (manual and clipboard API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "RHBZ#1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T19:50:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5257"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: XSS through paste (manual and clipboard API)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Moti Harmats"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26958",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898735"
}
],
"notes": [
{
"category": "description",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "RHBZ#1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T19:50:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5257"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Bharadwaj Machiraju"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26959",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898736"
}
],
"notes": [
{
"category": "description",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRequestService",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "RHBZ#1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T19:50:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5257"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Use-after-free in WebRequestService"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Zijie Zhao"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26960",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898737"
}
],
"notes": [
{
"category": "description",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free in uses of nsTArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "RHBZ#1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T19:50:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5257"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Potential use-after-free in uses of nsTArray"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Gabriel Corona"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26961",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898738"
}
],
"notes": [
{
"category": "description",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: DoH did not filter IPv4 mapped IP Addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "RHBZ#1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T19:50:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5257"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: DoH did not filter IPv4 mapped IP Addresses"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Makoto Kato"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26965",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898739"
}
],
"notes": [
{
"category": "description",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Software keyboards may have remembered typed passwords",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "RHBZ#1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T19:50:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5257"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Software keyboards may have remembered typed passwords"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers and community"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26968",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898741"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "RHBZ#1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T19:50:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5257"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5"
}
]
}
RHSA-2020_5240
Vulnerability from csaf_redhat - Published: 2020-11-30 08:37 - Updated: 2024-11-22 16:03Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.5.0.
Security Fix(es):
* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.5.0.\n\nSecurity Fix(es):\n\n* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)\n\n* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)\n\n* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)\n\n* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)\n\n* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)\n\n* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)\n\n* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)\n\n* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)\n\n* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)\n\n* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5240",
"url": "https://access.redhat.com/errata/RHSA-2020:5240"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5240.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2024-11-22T16:03:20+00:00",
"generator": {
"date": "2024-11-22T16:03:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:5240",
"initial_release_date": "2020-11-30T08:37:01+00:00",
"revision_history": [
{
"date": "2020-11-30T08:37:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-30T08:37:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T16:03:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_0.x86_64",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_0.x86_64",
"product_id": "thunderbird-0:78.5.0-1.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64",
"product": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64",
"product_id": "thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.5.0-1.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el8_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_0.ppc64le",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_0.ppc64le",
"product_id": "thunderbird-0:78.5.0-1.el8_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"product": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"product_id": "thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.5.0-1.el8_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el8_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_0.src",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_0.src",
"product_id": "thunderbird-0:78.5.0-1.el8_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_0.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_0.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_0.src",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le"
},
"product_reference": "thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
},
"product_reference": "thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Aleksejs Popovs"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-16012",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898732"
}
],
"notes": [
{
"category": "description",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Variable time processing of cross-origin images during drawImage calls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "RHBZ#1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:37:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5240"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Variable time processing of cross-origin images during drawImage calls"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26951",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898731"
}
],
"notes": [
{
"category": "description",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "RHBZ#1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26951"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:37:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5240"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Abdulrahman Alqabandi"
],
"organization": "Microsoft Browser Vulnerability Research",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26953",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898733"
}
],
"notes": [
{
"category": "description",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen could be enabled without displaying the security UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "RHBZ#1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26953",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:37:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5240"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen could be enabled without displaying the security UI"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26956",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898734"
}
],
"notes": [
{
"category": "description",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: XSS through paste (manual and clipboard API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "RHBZ#1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:37:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5240"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: XSS through paste (manual and clipboard API)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Moti Harmats"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26958",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898735"
}
],
"notes": [
{
"category": "description",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "RHBZ#1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:37:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5240"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Bharadwaj Machiraju"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26959",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898736"
}
],
"notes": [
{
"category": "description",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRequestService",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "RHBZ#1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:37:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5240"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Use-after-free in WebRequestService"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Zijie Zhao"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26960",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898737"
}
],
"notes": [
{
"category": "description",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free in uses of nsTArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "RHBZ#1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:37:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5240"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Potential use-after-free in uses of nsTArray"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Gabriel Corona"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26961",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898738"
}
],
"notes": [
{
"category": "description",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: DoH did not filter IPv4 mapped IP Addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "RHBZ#1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:37:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5240"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: DoH did not filter IPv4 mapped IP Addresses"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Makoto Kato"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26965",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898739"
}
],
"notes": [
{
"category": "description",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Software keyboards may have remembered typed passwords",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "RHBZ#1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:37:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5240"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Software keyboards may have remembered typed passwords"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers and community"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26968",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898741"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "RHBZ#1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:37:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5240"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5"
}
]
}
RHSA-2020_5314
Vulnerability from csaf_redhat - Published: 2020-12-01 15:26 - Updated: 2024-11-22 16:02Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 78.5.0 ESR.
Security Fix(es):
* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.5.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)\n\n* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)\n\n* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)\n\n* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)\n\n* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)\n\n* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)\n\n* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)\n\n* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)\n\n* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)\n\n* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5314",
"url": "https://access.redhat.com/errata/RHSA-2020:5314"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5314.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2024-11-22T16:02:51+00:00",
"generator": {
"date": "2024-11-22T16:02:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:5314",
"initial_release_date": "2020-12-01T15:26:17+00:00",
"revision_history": [
{
"date": "2020-12-01T15:26:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-12-01T15:26:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T16:02:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_0.x86_64",
"product": {
"name": "firefox-0:78.5.0-1.el8_0.x86_64",
"product_id": "firefox-0:78.5.0-1.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_0.x86_64",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_0.x86_64",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_0.ppc64le",
"product": {
"name": "firefox-0:78.5.0-1.el8_0.ppc64le",
"product_id": "firefox-0:78.5.0-1.el8_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_0.src",
"product": {
"name": "firefox-0:78.5.0-1.el8_0.src",
"product_id": "firefox-0:78.5.0-1.el8_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le"
},
"product_reference": "firefox-0:78.5.0-1.el8_0.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_0.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src"
},
"product_reference": "firefox-0:78.5.0-1.el8_0.src",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Aleksejs Popovs"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-16012",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898732"
}
],
"notes": [
{
"category": "description",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Variable time processing of cross-origin images during drawImage calls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "RHBZ#1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-01T15:26:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5314"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Variable time processing of cross-origin images during drawImage calls"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26951",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898731"
}
],
"notes": [
{
"category": "description",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "RHBZ#1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26951"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-01T15:26:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5314"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Abdulrahman Alqabandi"
],
"organization": "Microsoft Browser Vulnerability Research",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26953",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898733"
}
],
"notes": [
{
"category": "description",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen could be enabled without displaying the security UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "RHBZ#1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26953",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-01T15:26:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5314"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen could be enabled without displaying the security UI"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26956",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898734"
}
],
"notes": [
{
"category": "description",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: XSS through paste (manual and clipboard API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "RHBZ#1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-01T15:26:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5314"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: XSS through paste (manual and clipboard API)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Moti Harmats"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26958",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898735"
}
],
"notes": [
{
"category": "description",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "RHBZ#1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-01T15:26:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5314"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Bharadwaj Machiraju"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26959",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898736"
}
],
"notes": [
{
"category": "description",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRequestService",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "RHBZ#1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-01T15:26:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5314"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Use-after-free in WebRequestService"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Zijie Zhao"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26960",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898737"
}
],
"notes": [
{
"category": "description",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free in uses of nsTArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "RHBZ#1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-01T15:26:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5314"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Potential use-after-free in uses of nsTArray"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Gabriel Corona"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26961",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898738"
}
],
"notes": [
{
"category": "description",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: DoH did not filter IPv4 mapped IP Addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "RHBZ#1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-01T15:26:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5314"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: DoH did not filter IPv4 mapped IP Addresses"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Makoto Kato"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26965",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898739"
}
],
"notes": [
{
"category": "description",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Software keyboards may have remembered typed passwords",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "RHBZ#1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-01T15:26:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5314"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Software keyboards may have remembered typed passwords"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers and community"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26968",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898741"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "RHBZ#1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-01T15:26:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5314"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5"
}
]
}
RHSA-2020:5234
Vulnerability from csaf_redhat - Published: 2020-11-30 09:00 - Updated: 2025-11-21 18:18Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 78.5.0 ESR.
Security Fix(es):
* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.5.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)\n\n* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)\n\n* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)\n\n* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)\n\n* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)\n\n* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)\n\n* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)\n\n* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)\n\n* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)\n\n* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5234",
"url": "https://access.redhat.com/errata/RHSA-2020:5234"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5234.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2025-11-21T18:18:47+00:00",
"generator": {
"date": "2025-11-21T18:18:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2020:5234",
"initial_release_date": "2020-11-30T09:00:38+00:00",
"revision_history": [
{
"date": "2020-11-30T09:00:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-30T09:00:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:18:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_2.s390x",
"product": {
"name": "firefox-0:78.5.0-1.el8_2.s390x",
"product_id": "firefox-0:78.5.0-1.el8_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_2.x86_64",
"product": {
"name": "firefox-0:78.5.0-1.el8_2.x86_64",
"product_id": "firefox-0:78.5.0-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_2.x86_64",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_2.x86_64",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_2.ppc64le",
"product": {
"name": "firefox-0:78.5.0-1.el8_2.ppc64le",
"product_id": "firefox-0:78.5.0-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_2.aarch64",
"product": {
"name": "firefox-0:78.5.0-1.el8_2.aarch64",
"product_id": "firefox-0:78.5.0-1.el8_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_2.src",
"product": {
"name": "firefox-0:78.5.0-1.el8_2.src",
"product_id": "firefox-0:78.5.0-1.el8_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64"
},
"product_reference": "firefox-0:78.5.0-1.el8_2.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le"
},
"product_reference": "firefox-0:78.5.0-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x"
},
"product_reference": "firefox-0:78.5.0-1.el8_2.s390x",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src"
},
"product_reference": "firefox-0:78.5.0-1.el8_2.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Aleksejs Popovs"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-16012",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898732"
}
],
"notes": [
{
"category": "description",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Variable time processing of cross-origin images during drawImage calls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "RHBZ#1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:00:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Variable time processing of cross-origin images during drawImage calls"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26951",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898731"
}
],
"notes": [
{
"category": "description",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "RHBZ#1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26951"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:00:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Abdulrahman Alqabandi"
],
"organization": "Microsoft Browser Vulnerability Research",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26953",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898733"
}
],
"notes": [
{
"category": "description",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen could be enabled without displaying the security UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "RHBZ#1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26953",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:00:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen could be enabled without displaying the security UI"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26956",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898734"
}
],
"notes": [
{
"category": "description",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: XSS through paste (manual and clipboard API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "RHBZ#1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:00:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: XSS through paste (manual and clipboard API)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Moti Harmats"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26958",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898735"
}
],
"notes": [
{
"category": "description",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "RHBZ#1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:00:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Bharadwaj Machiraju"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26959",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898736"
}
],
"notes": [
{
"category": "description",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRequestService",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "RHBZ#1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:00:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Use-after-free in WebRequestService"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Zijie Zhao"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26960",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898737"
}
],
"notes": [
{
"category": "description",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free in uses of nsTArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "RHBZ#1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:00:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Potential use-after-free in uses of nsTArray"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Gabriel Corona"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26961",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898738"
}
],
"notes": [
{
"category": "description",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: DoH did not filter IPv4 mapped IP Addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "RHBZ#1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:00:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: DoH did not filter IPv4 mapped IP Addresses"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Makoto Kato"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26965",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898739"
}
],
"notes": [
{
"category": "description",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Software keyboards may have remembered typed passwords",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "RHBZ#1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:00:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Software keyboards may have remembered typed passwords"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers and community"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26968",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898741"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "RHBZ#1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:00:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5"
}
]
}
RHSA-2020:5236
Vulnerability from csaf_redhat - Published: 2020-11-30 08:51 - Updated: 2025-11-21 18:18Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.5.0.
Security Fix(es):
* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.5.0.\n\nSecurity Fix(es):\n\n* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)\n\n* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)\n\n* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)\n\n* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)\n\n* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)\n\n* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)\n\n* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)\n\n* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)\n\n* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)\n\n* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5236",
"url": "https://access.redhat.com/errata/RHSA-2020:5236"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5236.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2025-11-21T18:18:52+00:00",
"generator": {
"date": "2025-11-21T18:18:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2020:5236",
"initial_release_date": "2020-11-30T08:51:28+00:00",
"revision_history": [
{
"date": "2020-11-30T08:51:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-30T08:51:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:18:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_3.x86_64",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_3.x86_64",
"product_id": "thunderbird-0:78.5.0-1.el8_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64",
"product": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64",
"product_id": "thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.5.0-1.el8_3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el8_3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_3.ppc64le",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_3.ppc64le",
"product_id": "thunderbird-0:78.5.0-1.el8_3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"product": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"product_id": "thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.5.0-1.el8_3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el8_3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_3.aarch64",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_3.aarch64",
"product_id": "thunderbird-0:78.5.0-1.el8_3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"product": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"product_id": "thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.5.0-1.el8_3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el8_3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_3.src",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_3.src",
"product_id": "thunderbird-0:78.5.0-1.el8_3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_3.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_3.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_3.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_3.src",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_3.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64"
},
"product_reference": "thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le"
},
"product_reference": "thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
},
"product_reference": "thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Aleksejs Popovs"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-16012",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898732"
}
],
"notes": [
{
"category": "description",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Variable time processing of cross-origin images during drawImage calls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "RHBZ#1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:51:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Variable time processing of cross-origin images during drawImage calls"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26951",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898731"
}
],
"notes": [
{
"category": "description",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "RHBZ#1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26951"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:51:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Abdulrahman Alqabandi"
],
"organization": "Microsoft Browser Vulnerability Research",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26953",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898733"
}
],
"notes": [
{
"category": "description",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen could be enabled without displaying the security UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "RHBZ#1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26953",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:51:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen could be enabled without displaying the security UI"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26956",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898734"
}
],
"notes": [
{
"category": "description",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: XSS through paste (manual and clipboard API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "RHBZ#1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:51:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: XSS through paste (manual and clipboard API)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Moti Harmats"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26958",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898735"
}
],
"notes": [
{
"category": "description",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "RHBZ#1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:51:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Bharadwaj Machiraju"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26959",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898736"
}
],
"notes": [
{
"category": "description",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRequestService",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "RHBZ#1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:51:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Use-after-free in WebRequestService"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Zijie Zhao"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26960",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898737"
}
],
"notes": [
{
"category": "description",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free in uses of nsTArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "RHBZ#1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:51:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Potential use-after-free in uses of nsTArray"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Gabriel Corona"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26961",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898738"
}
],
"notes": [
{
"category": "description",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: DoH did not filter IPv4 mapped IP Addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "RHBZ#1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:51:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: DoH did not filter IPv4 mapped IP Addresses"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Makoto Kato"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26965",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898739"
}
],
"notes": [
{
"category": "description",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Software keyboards may have remembered typed passwords",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "RHBZ#1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:51:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Software keyboards may have remembered typed passwords"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers and community"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26968",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898741"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "RHBZ#1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:51:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5"
}
]
}
RHSA-2020_5233
Vulnerability from csaf_redhat - Published: 2020-11-30 08:48 - Updated: 2024-11-22 16:02Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 78.5.0 ESR.
Security Fix(es):
* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.5.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)\n\n* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)\n\n* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)\n\n* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)\n\n* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)\n\n* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)\n\n* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)\n\n* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)\n\n* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)\n\n* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5233",
"url": "https://access.redhat.com/errata/RHSA-2020:5233"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5233.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2024-11-22T16:02:51+00:00",
"generator": {
"date": "2024-11-22T16:02:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:5233",
"initial_release_date": "2020-11-30T08:48:14+00:00",
"revision_history": [
{
"date": "2020-11-30T08:48:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-30T08:48:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T16:02:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.1::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_1.s390x",
"product": {
"name": "firefox-0:78.5.0-1.el8_1.s390x",
"product_id": "firefox-0:78.5.0-1.el8_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_1.x86_64",
"product": {
"name": "firefox-0:78.5.0-1.el8_1.x86_64",
"product_id": "firefox-0:78.5.0-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_1.x86_64",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_1.x86_64",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_1.ppc64le",
"product": {
"name": "firefox-0:78.5.0-1.el8_1.ppc64le",
"product_id": "firefox-0:78.5.0-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_1.aarch64",
"product": {
"name": "firefox-0:78.5.0-1.el8_1.aarch64",
"product_id": "firefox-0:78.5.0-1.el8_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_1.src",
"product": {
"name": "firefox-0:78.5.0-1.el8_1.src",
"product_id": "firefox-0:78.5.0-1.el8_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64"
},
"product_reference": "firefox-0:78.5.0-1.el8_1.aarch64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le"
},
"product_reference": "firefox-0:78.5.0-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x"
},
"product_reference": "firefox-0:78.5.0-1.el8_1.s390x",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_1.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src"
},
"product_reference": "firefox-0:78.5.0-1.el8_1.src",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Aleksejs Popovs"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-16012",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898732"
}
],
"notes": [
{
"category": "description",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Variable time processing of cross-origin images during drawImage calls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "RHBZ#1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:48:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5233"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Variable time processing of cross-origin images during drawImage calls"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26951",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898731"
}
],
"notes": [
{
"category": "description",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "RHBZ#1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26951"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:48:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5233"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Abdulrahman Alqabandi"
],
"organization": "Microsoft Browser Vulnerability Research",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26953",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898733"
}
],
"notes": [
{
"category": "description",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen could be enabled without displaying the security UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "RHBZ#1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26953",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:48:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5233"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen could be enabled without displaying the security UI"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26956",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898734"
}
],
"notes": [
{
"category": "description",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: XSS through paste (manual and clipboard API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "RHBZ#1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:48:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5233"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: XSS through paste (manual and clipboard API)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Moti Harmats"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26958",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898735"
}
],
"notes": [
{
"category": "description",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "RHBZ#1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:48:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5233"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Bharadwaj Machiraju"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26959",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898736"
}
],
"notes": [
{
"category": "description",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRequestService",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "RHBZ#1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:48:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5233"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Use-after-free in WebRequestService"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Zijie Zhao"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26960",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898737"
}
],
"notes": [
{
"category": "description",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free in uses of nsTArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "RHBZ#1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:48:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5233"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Potential use-after-free in uses of nsTArray"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Gabriel Corona"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26961",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898738"
}
],
"notes": [
{
"category": "description",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: DoH did not filter IPv4 mapped IP Addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "RHBZ#1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:48:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5233"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: DoH did not filter IPv4 mapped IP Addresses"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Makoto Kato"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26965",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898739"
}
],
"notes": [
{
"category": "description",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Software keyboards may have remembered typed passwords",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "RHBZ#1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:48:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5233"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Software keyboards may have remembered typed passwords"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers and community"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26968",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898741"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "RHBZ#1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:48:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5233"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5"
}
]
}
RHSA-2020:5235
Vulnerability from csaf_redhat - Published: 2020-11-30 20:27 - Updated: 2025-11-21 18:18Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.5.0.
Security Fix(es):
* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.5.0.\n\nSecurity Fix(es):\n\n* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)\n\n* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)\n\n* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)\n\n* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)\n\n* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)\n\n* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)\n\n* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)\n\n* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)\n\n* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)\n\n* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5235",
"url": "https://access.redhat.com/errata/RHSA-2020:5235"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5235.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2025-11-21T18:18:47+00:00",
"generator": {
"date": "2025-11-21T18:18:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2020:5235",
"initial_release_date": "2020-11-30T20:27:40+00:00",
"revision_history": [
{
"date": "2020-11-30T20:27:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-30T20:27:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:18:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el7_9.x86_64",
"product": {
"name": "thunderbird-0:78.5.0-1.el7_9.x86_64",
"product_id": "thunderbird-0:78.5.0-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el7_9.src",
"product": {
"name": "thunderbird-0:78.5.0-1.el7_9.src",
"product_id": "thunderbird-0:78.5.0-1.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el7_9.ppc64le",
"product": {
"name": "thunderbird-0:78.5.0-1.el7_9.ppc64le",
"product_id": "thunderbird-0:78.5.0-1.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el7_9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src"
},
"product_reference": "thunderbird-0:78.5.0-1.el7_9.src",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "thunderbird-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src"
},
"product_reference": "thunderbird-0:78.5.0-1.el7_9.src",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "thunderbird-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src"
},
"product_reference": "thunderbird-0:78.5.0-1.el7_9.src",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "thunderbird-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Aleksejs Popovs"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-16012",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898732"
}
],
"notes": [
{
"category": "description",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Variable time processing of cross-origin images during drawImage calls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "RHBZ#1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T20:27:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5235"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Variable time processing of cross-origin images during drawImage calls"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26951",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898731"
}
],
"notes": [
{
"category": "description",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "RHBZ#1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26951"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T20:27:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5235"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Abdulrahman Alqabandi"
],
"organization": "Microsoft Browser Vulnerability Research",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26953",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898733"
}
],
"notes": [
{
"category": "description",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen could be enabled without displaying the security UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "RHBZ#1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26953",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T20:27:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5235"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen could be enabled without displaying the security UI"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26956",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898734"
}
],
"notes": [
{
"category": "description",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: XSS through paste (manual and clipboard API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "RHBZ#1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T20:27:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5235"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: XSS through paste (manual and clipboard API)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Moti Harmats"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26958",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898735"
}
],
"notes": [
{
"category": "description",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "RHBZ#1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T20:27:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5235"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Bharadwaj Machiraju"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26959",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898736"
}
],
"notes": [
{
"category": "description",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRequestService",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "RHBZ#1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T20:27:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5235"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Use-after-free in WebRequestService"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Zijie Zhao"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26960",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898737"
}
],
"notes": [
{
"category": "description",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free in uses of nsTArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "RHBZ#1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T20:27:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5235"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Potential use-after-free in uses of nsTArray"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Gabriel Corona"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26961",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898738"
}
],
"notes": [
{
"category": "description",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: DoH did not filter IPv4 mapped IP Addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "RHBZ#1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T20:27:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5235"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: DoH did not filter IPv4 mapped IP Addresses"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Makoto Kato"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26965",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898739"
}
],
"notes": [
{
"category": "description",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Software keyboards may have remembered typed passwords",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "RHBZ#1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T20:27:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5235"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Software keyboards may have remembered typed passwords"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers and community"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26968",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898741"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "RHBZ#1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T20:27:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5235"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5"
}
]
}
RHSA-2020:5238
Vulnerability from csaf_redhat - Published: 2020-11-30 09:04 - Updated: 2025-11-21 18:18Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.5.0.
Security Fix(es):
* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.5.0.\n\nSecurity Fix(es):\n\n* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)\n\n* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)\n\n* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)\n\n* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)\n\n* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)\n\n* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)\n\n* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)\n\n* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)\n\n* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)\n\n* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5238",
"url": "https://access.redhat.com/errata/RHSA-2020:5238"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5238.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2025-11-21T18:18:49+00:00",
"generator": {
"date": "2025-11-21T18:18:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2020:5238",
"initial_release_date": "2020-11-30T09:04:11+00:00",
"revision_history": [
{
"date": "2020-11-30T09:04:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-30T09:04:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:18:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el6_10.i686",
"product": {
"name": "thunderbird-0:78.5.0-1.el6_10.i686",
"product_id": "thunderbird-0:78.5.0-1.el6_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el6_10?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el6_10.x86_64",
"product": {
"name": "thunderbird-0:78.5.0-1.el6_10.x86_64",
"product_id": "thunderbird-0:78.5.0-1.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el6_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el6_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el6_10.src",
"product": {
"name": "thunderbird-0:78.5.0-1.el6_10.src",
"product_id": "thunderbird-0:78.5.0-1.el6_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el6_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el6_10.ppc64",
"product": {
"name": "thunderbird-0:78.5.0-1.el6_10.ppc64",
"product_id": "thunderbird-0:78.5.0-1.el6_10.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el6_10?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el6_10?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el6_10.s390x",
"product": {
"name": "thunderbird-0:78.5.0-1.el6_10.s390x",
"product_id": "thunderbird-0:78.5.0-1.el6_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el6_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el6_10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.i686",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.src as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.src",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.i686",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.src",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.i686",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.src",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "thunderbird-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-6.10.z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Aleksejs Popovs"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-16012",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898732"
}
],
"notes": [
{
"category": "description",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Variable time processing of cross-origin images during drawImage calls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "RHBZ#1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:04:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5238"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Variable time processing of cross-origin images during drawImage calls"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26951",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898731"
}
],
"notes": [
{
"category": "description",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "RHBZ#1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26951"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:04:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5238"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Abdulrahman Alqabandi"
],
"organization": "Microsoft Browser Vulnerability Research",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26953",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898733"
}
],
"notes": [
{
"category": "description",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen could be enabled without displaying the security UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "RHBZ#1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26953",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:04:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5238"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen could be enabled without displaying the security UI"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26956",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898734"
}
],
"notes": [
{
"category": "description",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: XSS through paste (manual and clipboard API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "RHBZ#1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:04:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5238"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: XSS through paste (manual and clipboard API)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Moti Harmats"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26958",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898735"
}
],
"notes": [
{
"category": "description",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "RHBZ#1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:04:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5238"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Bharadwaj Machiraju"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26959",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898736"
}
],
"notes": [
{
"category": "description",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRequestService",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "RHBZ#1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:04:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5238"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Use-after-free in WebRequestService"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Zijie Zhao"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26960",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898737"
}
],
"notes": [
{
"category": "description",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free in uses of nsTArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "RHBZ#1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:04:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5238"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Potential use-after-free in uses of nsTArray"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Gabriel Corona"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26961",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898738"
}
],
"notes": [
{
"category": "description",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: DoH did not filter IPv4 mapped IP Addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "RHBZ#1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:04:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5238"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: DoH did not filter IPv4 mapped IP Addresses"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Makoto Kato"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26965",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898739"
}
],
"notes": [
{
"category": "description",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Software keyboards may have remembered typed passwords",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "RHBZ#1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:04:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5238"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Software keyboards may have remembered typed passwords"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers and community"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26968",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898741"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "RHBZ#1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:04:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5238"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Server-optional-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:thunderbird-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5"
}
]
}
RHSA-2020_5236
Vulnerability from csaf_redhat - Published: 2020-11-30 08:51 - Updated: 2024-11-22 16:02Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.5.0.
Security Fix(es):
* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.5.0.\n\nSecurity Fix(es):\n\n* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)\n\n* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)\n\n* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)\n\n* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)\n\n* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)\n\n* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)\n\n* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)\n\n* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)\n\n* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)\n\n* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5236",
"url": "https://access.redhat.com/errata/RHSA-2020:5236"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5236.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2024-11-22T16:02:59+00:00",
"generator": {
"date": "2024-11-22T16:02:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:5236",
"initial_release_date": "2020-11-30T08:51:28+00:00",
"revision_history": [
{
"date": "2020-11-30T08:51:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-30T08:51:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T16:02:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_3.x86_64",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_3.x86_64",
"product_id": "thunderbird-0:78.5.0-1.el8_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64",
"product": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64",
"product_id": "thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.5.0-1.el8_3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el8_3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_3.ppc64le",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_3.ppc64le",
"product_id": "thunderbird-0:78.5.0-1.el8_3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"product": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"product_id": "thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.5.0-1.el8_3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el8_3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_3.aarch64",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_3.aarch64",
"product_id": "thunderbird-0:78.5.0-1.el8_3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"product": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"product_id": "thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.5.0-1.el8_3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el8_3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_3.src",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_3.src",
"product_id": "thunderbird-0:78.5.0-1.el8_3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_3.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_3.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_3.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_3.src",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_3.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64"
},
"product_reference": "thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le"
},
"product_reference": "thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
},
"product_reference": "thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Aleksejs Popovs"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-16012",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898732"
}
],
"notes": [
{
"category": "description",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Variable time processing of cross-origin images during drawImage calls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "RHBZ#1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:51:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Variable time processing of cross-origin images during drawImage calls"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26951",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898731"
}
],
"notes": [
{
"category": "description",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "RHBZ#1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26951"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:51:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Abdulrahman Alqabandi"
],
"organization": "Microsoft Browser Vulnerability Research",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26953",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898733"
}
],
"notes": [
{
"category": "description",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen could be enabled without displaying the security UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "RHBZ#1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26953",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:51:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen could be enabled without displaying the security UI"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26956",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898734"
}
],
"notes": [
{
"category": "description",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: XSS through paste (manual and clipboard API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "RHBZ#1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:51:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: XSS through paste (manual and clipboard API)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Moti Harmats"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26958",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898735"
}
],
"notes": [
{
"category": "description",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "RHBZ#1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:51:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Bharadwaj Machiraju"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26959",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898736"
}
],
"notes": [
{
"category": "description",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRequestService",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "RHBZ#1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:51:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Use-after-free in WebRequestService"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Zijie Zhao"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26960",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898737"
}
],
"notes": [
{
"category": "description",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free in uses of nsTArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "RHBZ#1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:51:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Potential use-after-free in uses of nsTArray"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Gabriel Corona"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26961",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898738"
}
],
"notes": [
{
"category": "description",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: DoH did not filter IPv4 mapped IP Addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "RHBZ#1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:51:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: DoH did not filter IPv4 mapped IP Addresses"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Makoto Kato"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26965",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898739"
}
],
"notes": [
{
"category": "description",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Software keyboards may have remembered typed passwords",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "RHBZ#1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:51:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Software keyboards may have remembered typed passwords"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers and community"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26968",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898741"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "RHBZ#1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:51:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5"
}
]
}
RHSA-2020:5237
Vulnerability from csaf_redhat - Published: 2020-11-30 10:40 - Updated: 2025-11-21 18:18Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 78.5.0 ESR.
Security Fix(es):
* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.5.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)\n\n* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)\n\n* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)\n\n* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)\n\n* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)\n\n* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)\n\n* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)\n\n* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)\n\n* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)\n\n* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5237",
"url": "https://access.redhat.com/errata/RHSA-2020:5237"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5237.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2025-11-21T18:18:48+00:00",
"generator": {
"date": "2025-11-21T18:18:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2020:5237",
"initial_release_date": "2020-11-30T10:40:49+00:00",
"revision_history": [
{
"date": "2020-11-30T10:40:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-30T10:40:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:18:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_3.s390x",
"product": {
"name": "firefox-0:78.5.0-1.el8_3.s390x",
"product_id": "firefox-0:78.5.0-1.el8_3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_3.x86_64",
"product": {
"name": "firefox-0:78.5.0-1.el8_3.x86_64",
"product_id": "firefox-0:78.5.0-1.el8_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_3.x86_64",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_3.x86_64",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_3.ppc64le",
"product": {
"name": "firefox-0:78.5.0-1.el8_3.ppc64le",
"product_id": "firefox-0:78.5.0-1.el8_3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_3.aarch64",
"product": {
"name": "firefox-0:78.5.0-1.el8_3.aarch64",
"product_id": "firefox-0:78.5.0-1.el8_3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_3.src",
"product": {
"name": "firefox-0:78.5.0-1.el8_3.src",
"product_id": "firefox-0:78.5.0-1.el8_3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64"
},
"product_reference": "firefox-0:78.5.0-1.el8_3.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le"
},
"product_reference": "firefox-0:78.5.0-1.el8_3.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x"
},
"product_reference": "firefox-0:78.5.0-1.el8_3.s390x",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_3.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src"
},
"product_reference": "firefox-0:78.5.0-1.el8_3.src",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el8_3.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_3.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Aleksejs Popovs"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-16012",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898732"
}
],
"notes": [
{
"category": "description",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Variable time processing of cross-origin images during drawImage calls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "RHBZ#1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T10:40:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5237"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Variable time processing of cross-origin images during drawImage calls"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26951",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898731"
}
],
"notes": [
{
"category": "description",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "RHBZ#1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26951"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T10:40:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5237"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Abdulrahman Alqabandi"
],
"organization": "Microsoft Browser Vulnerability Research",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26953",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898733"
}
],
"notes": [
{
"category": "description",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen could be enabled without displaying the security UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "RHBZ#1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26953",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T10:40:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5237"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen could be enabled without displaying the security UI"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26956",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898734"
}
],
"notes": [
{
"category": "description",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: XSS through paste (manual and clipboard API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "RHBZ#1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T10:40:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5237"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: XSS through paste (manual and clipboard API)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Moti Harmats"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26958",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898735"
}
],
"notes": [
{
"category": "description",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "RHBZ#1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T10:40:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5237"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Bharadwaj Machiraju"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26959",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898736"
}
],
"notes": [
{
"category": "description",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRequestService",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "RHBZ#1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T10:40:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5237"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Use-after-free in WebRequestService"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Zijie Zhao"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26960",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898737"
}
],
"notes": [
{
"category": "description",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free in uses of nsTArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "RHBZ#1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T10:40:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5237"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Potential use-after-free in uses of nsTArray"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Gabriel Corona"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26961",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898738"
}
],
"notes": [
{
"category": "description",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: DoH did not filter IPv4 mapped IP Addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "RHBZ#1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T10:40:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5237"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: DoH did not filter IPv4 mapped IP Addresses"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Makoto Kato"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26965",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898739"
}
],
"notes": [
{
"category": "description",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Software keyboards may have remembered typed passwords",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "RHBZ#1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T10:40:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5237"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Software keyboards may have remembered typed passwords"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers and community"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26968",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898741"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "RHBZ#1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T10:40:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5237"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.5.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.5.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5"
}
]
}
RHSA-2020_5235
Vulnerability from csaf_redhat - Published: 2020-11-30 20:27 - Updated: 2024-11-22 16:03Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.5.0.
Security Fix(es):
* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.5.0.\n\nSecurity Fix(es):\n\n* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)\n\n* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)\n\n* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)\n\n* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)\n\n* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)\n\n* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)\n\n* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)\n\n* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)\n\n* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)\n\n* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5235",
"url": "https://access.redhat.com/errata/RHSA-2020:5235"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5235.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2024-11-22T16:03:42+00:00",
"generator": {
"date": "2024-11-22T16:03:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:5235",
"initial_release_date": "2020-11-30T20:27:40+00:00",
"revision_history": [
{
"date": "2020-11-30T20:27:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-30T20:27:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T16:03:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el7_9.x86_64",
"product": {
"name": "thunderbird-0:78.5.0-1.el7_9.x86_64",
"product_id": "thunderbird-0:78.5.0-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el7_9.src",
"product": {
"name": "thunderbird-0:78.5.0-1.el7_9.src",
"product_id": "thunderbird-0:78.5.0-1.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el7_9.ppc64le",
"product": {
"name": "thunderbird-0:78.5.0-1.el7_9.ppc64le",
"product_id": "thunderbird-0:78.5.0-1.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el7_9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src"
},
"product_reference": "thunderbird-0:78.5.0-1.el7_9.src",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "thunderbird-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src"
},
"product_reference": "thunderbird-0:78.5.0-1.el7_9.src",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "thunderbird-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src"
},
"product_reference": "thunderbird-0:78.5.0-1.el7_9.src",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "thunderbird-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Aleksejs Popovs"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-16012",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898732"
}
],
"notes": [
{
"category": "description",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Variable time processing of cross-origin images during drawImage calls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "RHBZ#1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T20:27:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5235"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Variable time processing of cross-origin images during drawImage calls"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26951",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898731"
}
],
"notes": [
{
"category": "description",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "RHBZ#1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26951"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T20:27:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5235"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Abdulrahman Alqabandi"
],
"organization": "Microsoft Browser Vulnerability Research",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26953",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898733"
}
],
"notes": [
{
"category": "description",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen could be enabled without displaying the security UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "RHBZ#1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26953",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T20:27:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5235"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen could be enabled without displaying the security UI"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26956",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898734"
}
],
"notes": [
{
"category": "description",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: XSS through paste (manual and clipboard API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "RHBZ#1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T20:27:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5235"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: XSS through paste (manual and clipboard API)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Moti Harmats"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26958",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898735"
}
],
"notes": [
{
"category": "description",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "RHBZ#1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T20:27:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5235"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Bharadwaj Machiraju"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26959",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898736"
}
],
"notes": [
{
"category": "description",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRequestService",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "RHBZ#1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T20:27:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5235"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Use-after-free in WebRequestService"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Zijie Zhao"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26960",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898737"
}
],
"notes": [
{
"category": "description",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free in uses of nsTArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "RHBZ#1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T20:27:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5235"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Potential use-after-free in uses of nsTArray"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Gabriel Corona"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26961",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898738"
}
],
"notes": [
{
"category": "description",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: DoH did not filter IPv4 mapped IP Addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "RHBZ#1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T20:27:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5235"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: DoH did not filter IPv4 mapped IP Addresses"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Makoto Kato"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26965",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898739"
}
],
"notes": [
{
"category": "description",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Software keyboards may have remembered typed passwords",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "RHBZ#1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T20:27:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5235"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Software keyboards may have remembered typed passwords"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers and community"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26968",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898741"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "RHBZ#1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T20:27:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5235"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5"
}
]
}
RHSA-2020_5232
Vulnerability from csaf_redhat - Published: 2020-11-30 08:55 - Updated: 2024-11-22 16:03Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.5.0.
Security Fix(es):
* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.5.0.\n\nSecurity Fix(es):\n\n* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)\n\n* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)\n\n* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)\n\n* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)\n\n* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)\n\n* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)\n\n* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)\n\n* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)\n\n* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)\n\n* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5232",
"url": "https://access.redhat.com/errata/RHSA-2020:5232"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5232.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2024-11-22T16:03:07+00:00",
"generator": {
"date": "2024-11-22T16:03:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:5232",
"initial_release_date": "2020-11-30T08:55:51+00:00",
"revision_history": [
{
"date": "2020-11-30T08:55:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-30T08:55:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T16:03:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_2.x86_64",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_2.x86_64",
"product_id": "thunderbird-0:78.5.0-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64",
"product": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64",
"product_id": "thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.5.0-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el8_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_2.ppc64le",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_2.ppc64le",
"product_id": "thunderbird-0:78.5.0-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"product": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"product_id": "thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.5.0-1.el8_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el8_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_2.aarch64",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_2.aarch64",
"product_id": "thunderbird-0:78.5.0-1.el8_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"product": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"product_id": "thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.5.0-1.el8_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el8_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_2.src",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_2.src",
"product_id": "thunderbird-0:78.5.0-1.el8_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_2.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_2.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64"
},
"product_reference": "thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le"
},
"product_reference": "thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
},
"product_reference": "thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Aleksejs Popovs"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-16012",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898732"
}
],
"notes": [
{
"category": "description",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Variable time processing of cross-origin images during drawImage calls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "RHBZ#1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:55:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5232"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Variable time processing of cross-origin images during drawImage calls"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26951",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898731"
}
],
"notes": [
{
"category": "description",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "RHBZ#1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26951"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:55:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5232"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Abdulrahman Alqabandi"
],
"organization": "Microsoft Browser Vulnerability Research",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26953",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898733"
}
],
"notes": [
{
"category": "description",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen could be enabled without displaying the security UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "RHBZ#1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26953",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:55:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5232"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen could be enabled without displaying the security UI"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26956",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898734"
}
],
"notes": [
{
"category": "description",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: XSS through paste (manual and clipboard API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "RHBZ#1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:55:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5232"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: XSS through paste (manual and clipboard API)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Moti Harmats"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26958",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898735"
}
],
"notes": [
{
"category": "description",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "RHBZ#1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:55:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5232"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Bharadwaj Machiraju"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26959",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898736"
}
],
"notes": [
{
"category": "description",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRequestService",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "RHBZ#1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:55:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5232"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Use-after-free in WebRequestService"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Zijie Zhao"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26960",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898737"
}
],
"notes": [
{
"category": "description",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free in uses of nsTArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "RHBZ#1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:55:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5232"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Potential use-after-free in uses of nsTArray"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Gabriel Corona"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26961",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898738"
}
],
"notes": [
{
"category": "description",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: DoH did not filter IPv4 mapped IP Addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "RHBZ#1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:55:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5232"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: DoH did not filter IPv4 mapped IP Addresses"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Makoto Kato"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26965",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898739"
}
],
"notes": [
{
"category": "description",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Software keyboards may have remembered typed passwords",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "RHBZ#1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:55:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5232"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Software keyboards may have remembered typed passwords"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers and community"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26968",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898741"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "RHBZ#1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:55:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5232"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5"
}
]
}
RHSA-2020_5239
Vulnerability from csaf_redhat - Published: 2020-11-30 23:12 - Updated: 2024-11-22 16:03Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 78.5.0 ESR.
Security Fix(es):
* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.5.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)\n\n* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)\n\n* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)\n\n* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)\n\n* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)\n\n* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)\n\n* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)\n\n* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)\n\n* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)\n\n* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5239",
"url": "https://access.redhat.com/errata/RHSA-2020:5239"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5239.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2024-11-22T16:03:49+00:00",
"generator": {
"date": "2024-11-22T16:03:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:5239",
"initial_release_date": "2020-11-30T23:12:34+00:00",
"revision_history": [
{
"date": "2020-11-30T23:12:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-30T23:12:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T16:03:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el7_9.x86_64",
"product": {
"name": "firefox-0:78.5.0-1.el7_9.x86_64",
"product_id": "firefox-0:78.5.0-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"product_id": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el7_9.src",
"product": {
"name": "firefox-0:78.5.0-1.el7_9.src",
"product_id": "firefox-0:78.5.0-1.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el7_9.i686",
"product": {
"name": "firefox-0:78.5.0-1.el7_9.i686",
"product_id": "firefox-0:78.5.0-1.el7_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el7_9?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el7_9.s390x",
"product": {
"name": "firefox-0:78.5.0-1.el7_9.s390x",
"product_id": "firefox-0:78.5.0-1.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el7_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"product_id": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el7_9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el7_9.ppc64",
"product": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64",
"product_id": "firefox-0:78.5.0-1.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el7_9?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"product_id": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el7_9?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el7_9.ppc64le",
"product": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64le",
"product_id": "firefox-0:78.5.0-1.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"product_id": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el7_9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.i686",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.src",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.i686",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.s390x",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.src",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.i686",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.src",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.i686",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.s390x",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.src",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.i686",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.src",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.i686",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.s390x",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.src",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Aleksejs Popovs"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-16012",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898732"
}
],
"notes": [
{
"category": "description",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Variable time processing of cross-origin images during drawImage calls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "RHBZ#1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T23:12:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5239"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Variable time processing of cross-origin images during drawImage calls"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26951",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898731"
}
],
"notes": [
{
"category": "description",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "RHBZ#1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26951"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T23:12:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5239"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Abdulrahman Alqabandi"
],
"organization": "Microsoft Browser Vulnerability Research",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26953",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898733"
}
],
"notes": [
{
"category": "description",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen could be enabled without displaying the security UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "RHBZ#1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26953",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T23:12:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5239"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen could be enabled without displaying the security UI"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26956",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898734"
}
],
"notes": [
{
"category": "description",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: XSS through paste (manual and clipboard API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "RHBZ#1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T23:12:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5239"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: XSS through paste (manual and clipboard API)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Moti Harmats"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26958",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898735"
}
],
"notes": [
{
"category": "description",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "RHBZ#1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T23:12:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5239"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Bharadwaj Machiraju"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26959",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898736"
}
],
"notes": [
{
"category": "description",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRequestService",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "RHBZ#1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T23:12:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5239"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Use-after-free in WebRequestService"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Zijie Zhao"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26960",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898737"
}
],
"notes": [
{
"category": "description",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free in uses of nsTArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "RHBZ#1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T23:12:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5239"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Potential use-after-free in uses of nsTArray"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Gabriel Corona"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26961",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898738"
}
],
"notes": [
{
"category": "description",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: DoH did not filter IPv4 mapped IP Addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "RHBZ#1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T23:12:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5239"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: DoH did not filter IPv4 mapped IP Addresses"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Makoto Kato"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26965",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898739"
}
],
"notes": [
{
"category": "description",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Software keyboards may have remembered typed passwords",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "RHBZ#1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T23:12:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5239"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Software keyboards may have remembered typed passwords"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers and community"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26968",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898741"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "RHBZ#1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T23:12:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5239"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5"
}
]
}
RHSA-2020:5314
Vulnerability from csaf_redhat - Published: 2020-12-01 15:26 - Updated: 2025-11-21 18:18Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 78.5.0 ESR.
Security Fix(es):
* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.5.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)\n\n* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)\n\n* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)\n\n* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)\n\n* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)\n\n* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)\n\n* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)\n\n* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)\n\n* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)\n\n* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5314",
"url": "https://access.redhat.com/errata/RHSA-2020:5314"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5314.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2025-11-21T18:18:52+00:00",
"generator": {
"date": "2025-11-21T18:18:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2020:5314",
"initial_release_date": "2020-12-01T15:26:17+00:00",
"revision_history": [
{
"date": "2020-12-01T15:26:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-12-01T15:26:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:18:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_0.x86_64",
"product": {
"name": "firefox-0:78.5.0-1.el8_0.x86_64",
"product_id": "firefox-0:78.5.0-1.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_0.x86_64",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_0.x86_64",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_0.ppc64le",
"product": {
"name": "firefox-0:78.5.0-1.el8_0.ppc64le",
"product_id": "firefox-0:78.5.0-1.el8_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_0.src",
"product": {
"name": "firefox-0:78.5.0-1.el8_0.src",
"product_id": "firefox-0:78.5.0-1.el8_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le"
},
"product_reference": "firefox-0:78.5.0-1.el8_0.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_0.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src"
},
"product_reference": "firefox-0:78.5.0-1.el8_0.src",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Aleksejs Popovs"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-16012",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898732"
}
],
"notes": [
{
"category": "description",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Variable time processing of cross-origin images during drawImage calls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "RHBZ#1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-01T15:26:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5314"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Variable time processing of cross-origin images during drawImage calls"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26951",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898731"
}
],
"notes": [
{
"category": "description",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "RHBZ#1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26951"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-01T15:26:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5314"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Abdulrahman Alqabandi"
],
"organization": "Microsoft Browser Vulnerability Research",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26953",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898733"
}
],
"notes": [
{
"category": "description",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen could be enabled without displaying the security UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "RHBZ#1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26953",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-01T15:26:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5314"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen could be enabled without displaying the security UI"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26956",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898734"
}
],
"notes": [
{
"category": "description",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: XSS through paste (manual and clipboard API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "RHBZ#1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-01T15:26:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5314"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: XSS through paste (manual and clipboard API)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Moti Harmats"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26958",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898735"
}
],
"notes": [
{
"category": "description",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "RHBZ#1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-01T15:26:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5314"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Bharadwaj Machiraju"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26959",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898736"
}
],
"notes": [
{
"category": "description",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRequestService",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "RHBZ#1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-01T15:26:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5314"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Use-after-free in WebRequestService"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Zijie Zhao"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26960",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898737"
}
],
"notes": [
{
"category": "description",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free in uses of nsTArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "RHBZ#1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-01T15:26:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5314"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Potential use-after-free in uses of nsTArray"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Gabriel Corona"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26961",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898738"
}
],
"notes": [
{
"category": "description",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: DoH did not filter IPv4 mapped IP Addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "RHBZ#1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-01T15:26:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5314"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: DoH did not filter IPv4 mapped IP Addresses"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Makoto Kato"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26965",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898739"
}
],
"notes": [
{
"category": "description",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Software keyboards may have remembered typed passwords",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "RHBZ#1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-01T15:26:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5314"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Software keyboards may have remembered typed passwords"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers and community"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26968",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898741"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "RHBZ#1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-01T15:26:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5314"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:firefox-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:firefox-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5"
}
]
}
RHSA-2020_5234
Vulnerability from csaf_redhat - Published: 2020-11-30 09:00 - Updated: 2024-11-22 16:02Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 78.5.0 ESR.
Security Fix(es):
* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.5.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)\n\n* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)\n\n* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)\n\n* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)\n\n* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)\n\n* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)\n\n* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)\n\n* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)\n\n* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)\n\n* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5234",
"url": "https://access.redhat.com/errata/RHSA-2020:5234"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5234.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2024-11-22T16:02:42+00:00",
"generator": {
"date": "2024-11-22T16:02:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:5234",
"initial_release_date": "2020-11-30T09:00:38+00:00",
"revision_history": [
{
"date": "2020-11-30T09:00:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-30T09:00:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T16:02:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_2.s390x",
"product": {
"name": "firefox-0:78.5.0-1.el8_2.s390x",
"product_id": "firefox-0:78.5.0-1.el8_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_2.x86_64",
"product": {
"name": "firefox-0:78.5.0-1.el8_2.x86_64",
"product_id": "firefox-0:78.5.0-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_2.x86_64",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_2.x86_64",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_2.ppc64le",
"product": {
"name": "firefox-0:78.5.0-1.el8_2.ppc64le",
"product_id": "firefox-0:78.5.0-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_2.aarch64",
"product": {
"name": "firefox-0:78.5.0-1.el8_2.aarch64",
"product_id": "firefox-0:78.5.0-1.el8_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_2.src",
"product": {
"name": "firefox-0:78.5.0-1.el8_2.src",
"product_id": "firefox-0:78.5.0-1.el8_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64"
},
"product_reference": "firefox-0:78.5.0-1.el8_2.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le"
},
"product_reference": "firefox-0:78.5.0-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x"
},
"product_reference": "firefox-0:78.5.0-1.el8_2.s390x",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src"
},
"product_reference": "firefox-0:78.5.0-1.el8_2.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Aleksejs Popovs"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-16012",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898732"
}
],
"notes": [
{
"category": "description",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Variable time processing of cross-origin images during drawImage calls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "RHBZ#1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:00:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Variable time processing of cross-origin images during drawImage calls"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26951",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898731"
}
],
"notes": [
{
"category": "description",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "RHBZ#1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26951"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:00:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Abdulrahman Alqabandi"
],
"organization": "Microsoft Browser Vulnerability Research",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26953",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898733"
}
],
"notes": [
{
"category": "description",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen could be enabled without displaying the security UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "RHBZ#1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26953",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:00:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen could be enabled without displaying the security UI"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26956",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898734"
}
],
"notes": [
{
"category": "description",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: XSS through paste (manual and clipboard API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "RHBZ#1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:00:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: XSS through paste (manual and clipboard API)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Moti Harmats"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26958",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898735"
}
],
"notes": [
{
"category": "description",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "RHBZ#1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:00:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Bharadwaj Machiraju"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26959",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898736"
}
],
"notes": [
{
"category": "description",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRequestService",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "RHBZ#1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:00:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Use-after-free in WebRequestService"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Zijie Zhao"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26960",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898737"
}
],
"notes": [
{
"category": "description",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free in uses of nsTArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "RHBZ#1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:00:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Potential use-after-free in uses of nsTArray"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Gabriel Corona"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26961",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898738"
}
],
"notes": [
{
"category": "description",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: DoH did not filter IPv4 mapped IP Addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "RHBZ#1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:00:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: DoH did not filter IPv4 mapped IP Addresses"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Makoto Kato"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26965",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898739"
}
],
"notes": [
{
"category": "description",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Software keyboards may have remembered typed passwords",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "RHBZ#1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:00:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Software keyboards may have remembered typed passwords"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers and community"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26968",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898741"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "RHBZ#1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T09:00:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5234"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5"
}
]
}
RHSA-2020:5239
Vulnerability from csaf_redhat - Published: 2020-11-30 23:12 - Updated: 2025-11-21 18:18Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 78.5.0 ESR.
Security Fix(es):
* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.5.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)\n\n* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)\n\n* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)\n\n* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)\n\n* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)\n\n* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)\n\n* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)\n\n* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)\n\n* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)\n\n* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5239",
"url": "https://access.redhat.com/errata/RHSA-2020:5239"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5239.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2025-11-21T18:18:48+00:00",
"generator": {
"date": "2025-11-21T18:18:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2020:5239",
"initial_release_date": "2020-11-30T23:12:34+00:00",
"revision_history": [
{
"date": "2020-11-30T23:12:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-30T23:12:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:18:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el7_9.x86_64",
"product": {
"name": "firefox-0:78.5.0-1.el7_9.x86_64",
"product_id": "firefox-0:78.5.0-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"product_id": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el7_9.src",
"product": {
"name": "firefox-0:78.5.0-1.el7_9.src",
"product_id": "firefox-0:78.5.0-1.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el7_9.i686",
"product": {
"name": "firefox-0:78.5.0-1.el7_9.i686",
"product_id": "firefox-0:78.5.0-1.el7_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el7_9?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el7_9.s390x",
"product": {
"name": "firefox-0:78.5.0-1.el7_9.s390x",
"product_id": "firefox-0:78.5.0-1.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el7_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"product_id": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el7_9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el7_9.ppc64",
"product": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64",
"product_id": "firefox-0:78.5.0-1.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el7_9?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"product_id": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el7_9?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el7_9.ppc64le",
"product": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64le",
"product_id": "firefox-0:78.5.0-1.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"product_id": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el7_9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.i686",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.src",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.i686",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.s390x",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.src",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.i686",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.src",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.i686",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.s390x",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.src",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.i686",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.src",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.i686",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.s390x",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.src",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Aleksejs Popovs"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-16012",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898732"
}
],
"notes": [
{
"category": "description",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Variable time processing of cross-origin images during drawImage calls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "RHBZ#1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T23:12:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5239"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Variable time processing of cross-origin images during drawImage calls"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26951",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898731"
}
],
"notes": [
{
"category": "description",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "RHBZ#1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26951"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T23:12:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5239"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Abdulrahman Alqabandi"
],
"organization": "Microsoft Browser Vulnerability Research",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26953",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898733"
}
],
"notes": [
{
"category": "description",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen could be enabled without displaying the security UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "RHBZ#1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26953",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T23:12:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5239"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen could be enabled without displaying the security UI"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26956",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898734"
}
],
"notes": [
{
"category": "description",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: XSS through paste (manual and clipboard API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "RHBZ#1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T23:12:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5239"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: XSS through paste (manual and clipboard API)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Moti Harmats"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26958",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898735"
}
],
"notes": [
{
"category": "description",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "RHBZ#1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T23:12:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5239"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Bharadwaj Machiraju"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26959",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898736"
}
],
"notes": [
{
"category": "description",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRequestService",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "RHBZ#1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T23:12:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5239"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Use-after-free in WebRequestService"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Zijie Zhao"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26960",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898737"
}
],
"notes": [
{
"category": "description",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free in uses of nsTArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "RHBZ#1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T23:12:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5239"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Potential use-after-free in uses of nsTArray"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Gabriel Corona"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26961",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898738"
}
],
"notes": [
{
"category": "description",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: DoH did not filter IPv4 mapped IP Addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "RHBZ#1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T23:12:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5239"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: DoH did not filter IPv4 mapped IP Addresses"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Makoto Kato"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26965",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898739"
}
],
"notes": [
{
"category": "description",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Software keyboards may have remembered typed passwords",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "RHBZ#1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T23:12:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5239"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Software keyboards may have remembered typed passwords"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers and community"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26968",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898741"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "RHBZ#1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T23:12:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5239"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.5.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.5.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5"
}
]
}
RHSA-2020:5240
Vulnerability from csaf_redhat - Published: 2020-11-30 08:37 - Updated: 2025-11-21 18:18Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.5.0.
Security Fix(es):
* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.5.0.\n\nSecurity Fix(es):\n\n* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)\n\n* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)\n\n* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)\n\n* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)\n\n* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)\n\n* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)\n\n* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)\n\n* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)\n\n* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)\n\n* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5240",
"url": "https://access.redhat.com/errata/RHSA-2020:5240"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5240.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2025-11-21T18:18:49+00:00",
"generator": {
"date": "2025-11-21T18:18:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2020:5240",
"initial_release_date": "2020-11-30T08:37:01+00:00",
"revision_history": [
{
"date": "2020-11-30T08:37:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-30T08:37:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:18:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_0.x86_64",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_0.x86_64",
"product_id": "thunderbird-0:78.5.0-1.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64",
"product": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64",
"product_id": "thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.5.0-1.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el8_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_0.ppc64le",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_0.ppc64le",
"product_id": "thunderbird-0:78.5.0-1.el8_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"product": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"product_id": "thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.5.0-1.el8_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el8_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_0.src",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_0.src",
"product_id": "thunderbird-0:78.5.0-1.el8_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_0.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_0.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_0.src",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le"
},
"product_reference": "thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
},
"product_reference": "thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Aleksejs Popovs"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-16012",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898732"
}
],
"notes": [
{
"category": "description",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Variable time processing of cross-origin images during drawImage calls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "RHBZ#1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:37:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5240"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Variable time processing of cross-origin images during drawImage calls"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26951",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898731"
}
],
"notes": [
{
"category": "description",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "RHBZ#1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26951"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:37:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5240"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Abdulrahman Alqabandi"
],
"organization": "Microsoft Browser Vulnerability Research",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26953",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898733"
}
],
"notes": [
{
"category": "description",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen could be enabled without displaying the security UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "RHBZ#1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26953",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:37:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5240"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen could be enabled without displaying the security UI"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26956",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898734"
}
],
"notes": [
{
"category": "description",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: XSS through paste (manual and clipboard API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "RHBZ#1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:37:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5240"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: XSS through paste (manual and clipboard API)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Moti Harmats"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26958",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898735"
}
],
"notes": [
{
"category": "description",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "RHBZ#1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:37:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5240"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Bharadwaj Machiraju"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26959",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898736"
}
],
"notes": [
{
"category": "description",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRequestService",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "RHBZ#1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:37:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5240"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Use-after-free in WebRequestService"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Zijie Zhao"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26960",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898737"
}
],
"notes": [
{
"category": "description",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free in uses of nsTArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "RHBZ#1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:37:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5240"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Potential use-after-free in uses of nsTArray"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Gabriel Corona"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26961",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898738"
}
],
"notes": [
{
"category": "description",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: DoH did not filter IPv4 mapped IP Addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "RHBZ#1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:37:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5240"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: DoH did not filter IPv4 mapped IP Addresses"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Makoto Kato"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26965",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898739"
}
],
"notes": [
{
"category": "description",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Software keyboards may have remembered typed passwords",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "RHBZ#1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:37:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5240"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Software keyboards may have remembered typed passwords"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers and community"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26968",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898741"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "RHBZ#1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:37:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5240"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.src",
"AppStream-8.0.0.Z.E4S:thunderbird-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debuginfo-0:78.5.0-1.el8_0.x86_64",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.ppc64le",
"AppStream-8.0.0.Z.E4S:thunderbird-debugsource-0:78.5.0-1.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5"
}
]
}
RHSA-2020:5257
Vulnerability from csaf_redhat - Published: 2020-11-30 19:50 - Updated: 2025-11-21 18:18Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 78.5.0 ESR.
Security Fix(es):
* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.5.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)\n\n* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)\n\n* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)\n\n* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)\n\n* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)\n\n* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)\n\n* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)\n\n* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)\n\n* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)\n\n* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5257",
"url": "https://access.redhat.com/errata/RHSA-2020:5257"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5257.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2025-11-21T18:18:50+00:00",
"generator": {
"date": "2025-11-21T18:18:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2020:5257",
"initial_release_date": "2020-11-30T19:50:18+00:00",
"revision_history": [
{
"date": "2020-11-30T19:50:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-30T19:50:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:18:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el6_10.i686",
"product": {
"name": "firefox-0:78.5.0-1.el6_10.i686",
"product_id": "firefox-0:78.5.0-1.el6_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el6_10?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el6_10.x86_64",
"product": {
"name": "firefox-0:78.5.0-1.el6_10.x86_64",
"product_id": "firefox-0:78.5.0-1.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el6_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"product_id": "firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el6_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el6_10.src",
"product": {
"name": "firefox-0:78.5.0-1.el6_10.src",
"product_id": "firefox-0:78.5.0-1.el6_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el6_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el6_10.ppc64",
"product": {
"name": "firefox-0:78.5.0-1.el6_10.ppc64",
"product_id": "firefox-0:78.5.0-1.el6_10.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el6_10?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"product_id": "firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el6_10?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el6_10.s390x",
"product": {
"name": "firefox-0:78.5.0-1.el6_10.s390x",
"product_id": "firefox-0:78.5.0-1.el6_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el6_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"product_id": "firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el6_10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.i686",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.src as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.src",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.i686",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.src as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.src",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
"product_id": "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6ComputeNode-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.i686",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.src as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.src",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6Server-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.i686",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.src",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"relates_to_product_reference": "6Workstation-6.10.z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Aleksejs Popovs"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-16012",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898732"
}
],
"notes": [
{
"category": "description",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Variable time processing of cross-origin images during drawImage calls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "RHBZ#1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T19:50:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5257"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Variable time processing of cross-origin images during drawImage calls"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26951",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898731"
}
],
"notes": [
{
"category": "description",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "RHBZ#1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26951"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T19:50:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5257"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Abdulrahman Alqabandi"
],
"organization": "Microsoft Browser Vulnerability Research",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26953",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898733"
}
],
"notes": [
{
"category": "description",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen could be enabled without displaying the security UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "RHBZ#1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26953",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T19:50:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5257"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen could be enabled without displaying the security UI"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26956",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898734"
}
],
"notes": [
{
"category": "description",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: XSS through paste (manual and clipboard API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "RHBZ#1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T19:50:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5257"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: XSS through paste (manual and clipboard API)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Moti Harmats"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26958",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898735"
}
],
"notes": [
{
"category": "description",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "RHBZ#1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T19:50:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5257"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Bharadwaj Machiraju"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26959",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898736"
}
],
"notes": [
{
"category": "description",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRequestService",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "RHBZ#1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T19:50:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5257"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Use-after-free in WebRequestService"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Zijie Zhao"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26960",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898737"
}
],
"notes": [
{
"category": "description",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free in uses of nsTArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "RHBZ#1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T19:50:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5257"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Potential use-after-free in uses of nsTArray"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Gabriel Corona"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26961",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898738"
}
],
"notes": [
{
"category": "description",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: DoH did not filter IPv4 mapped IP Addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "RHBZ#1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T19:50:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5257"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: DoH did not filter IPv4 mapped IP Addresses"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Makoto Kato"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26965",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898739"
}
],
"notes": [
{
"category": "description",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Software keyboards may have remembered typed passwords",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "RHBZ#1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T19:50:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5257"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Software keyboards may have remembered typed passwords"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers and community"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26968",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898741"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "RHBZ#1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T19:50:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5257"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Client-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Client-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6ComputeNode-optional-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6ComputeNode-optional-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Server-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Server-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.i686",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.src",
"6Workstation-6.10.z:firefox-0:78.5.0-1.el6_10.x86_64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.ppc64",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.s390x",
"6Workstation-6.10.z:firefox-debuginfo-0:78.5.0-1.el6_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5"
}
]
}
RHSA-2020:5233
Vulnerability from csaf_redhat - Published: 2020-11-30 08:48 - Updated: 2025-11-21 18:18Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 78.5.0 ESR.
Security Fix(es):
* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.5.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)\n\n* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)\n\n* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)\n\n* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)\n\n* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)\n\n* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)\n\n* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)\n\n* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)\n\n* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)\n\n* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5233",
"url": "https://access.redhat.com/errata/RHSA-2020:5233"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5233.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2025-11-21T18:18:47+00:00",
"generator": {
"date": "2025-11-21T18:18:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2020:5233",
"initial_release_date": "2020-11-30T08:48:14+00:00",
"revision_history": [
{
"date": "2020-11-30T08:48:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-30T08:48:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:18:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.1::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_1.s390x",
"product": {
"name": "firefox-0:78.5.0-1.el8_1.s390x",
"product_id": "firefox-0:78.5.0-1.el8_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_1.x86_64",
"product": {
"name": "firefox-0:78.5.0-1.el8_1.x86_64",
"product_id": "firefox-0:78.5.0-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_1.x86_64",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_1.x86_64",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_1.ppc64le",
"product": {
"name": "firefox-0:78.5.0-1.el8_1.ppc64le",
"product_id": "firefox-0:78.5.0-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_1.aarch64",
"product": {
"name": "firefox-0:78.5.0-1.el8_1.aarch64",
"product_id": "firefox-0:78.5.0-1.el8_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"product": {
"name": "firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"product_id": "firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.5.0-1.el8_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"product": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"product_id": "firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.5.0-1.el8_1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.5.0-1.el8_1.src",
"product": {
"name": "firefox-0:78.5.0-1.el8_1.src",
"product_id": "firefox-0:78.5.0-1.el8_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.5.0-1.el8_1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64"
},
"product_reference": "firefox-0:78.5.0-1.el8_1.aarch64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le"
},
"product_reference": "firefox-0:78.5.0-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x"
},
"product_reference": "firefox-0:78.5.0-1.el8_1.s390x",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_1.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src"
},
"product_reference": "firefox-0:78.5.0-1.el8_1.src",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.5.0-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64"
},
"product_reference": "firefox-0:78.5.0-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.5.0-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.5.0-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
},
"product_reference": "firefox-debugsource-0:78.5.0-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Aleksejs Popovs"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-16012",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898732"
}
],
"notes": [
{
"category": "description",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Variable time processing of cross-origin images during drawImage calls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "RHBZ#1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:48:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5233"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Variable time processing of cross-origin images during drawImage calls"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26951",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898731"
}
],
"notes": [
{
"category": "description",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "RHBZ#1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26951"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:48:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5233"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Abdulrahman Alqabandi"
],
"organization": "Microsoft Browser Vulnerability Research",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26953",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898733"
}
],
"notes": [
{
"category": "description",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen could be enabled without displaying the security UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "RHBZ#1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26953",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:48:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5233"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen could be enabled without displaying the security UI"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26956",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898734"
}
],
"notes": [
{
"category": "description",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: XSS through paste (manual and clipboard API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "RHBZ#1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:48:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5233"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: XSS through paste (manual and clipboard API)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Moti Harmats"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26958",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898735"
}
],
"notes": [
{
"category": "description",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "RHBZ#1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:48:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5233"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Bharadwaj Machiraju"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26959",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898736"
}
],
"notes": [
{
"category": "description",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRequestService",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "RHBZ#1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:48:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5233"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Use-after-free in WebRequestService"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Zijie Zhao"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26960",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898737"
}
],
"notes": [
{
"category": "description",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free in uses of nsTArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "RHBZ#1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:48:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5233"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Potential use-after-free in uses of nsTArray"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Gabriel Corona"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26961",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898738"
}
],
"notes": [
{
"category": "description",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: DoH did not filter IPv4 mapped IP Addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "RHBZ#1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:48:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5233"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: DoH did not filter IPv4 mapped IP Addresses"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Makoto Kato"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26965",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898739"
}
],
"notes": [
{
"category": "description",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Software keyboards may have remembered typed passwords",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "RHBZ#1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:48:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5233"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Software keyboards may have remembered typed passwords"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers and community"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26968",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898741"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "RHBZ#1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:48:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5233"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5"
}
]
}
RHSA-2020:5231
Vulnerability from csaf_redhat - Published: 2020-11-30 08:41 - Updated: 2025-11-21 18:18Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.5.0.
Security Fix(es):
* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.5.0.\n\nSecurity Fix(es):\n\n* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)\n\n* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)\n\n* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)\n\n* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)\n\n* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)\n\n* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)\n\n* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)\n\n* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)\n\n* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)\n\n* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5231",
"url": "https://access.redhat.com/errata/RHSA-2020:5231"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5231.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2025-11-21T18:18:46+00:00",
"generator": {
"date": "2025-11-21T18:18:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2020:5231",
"initial_release_date": "2020-11-30T08:41:55+00:00",
"revision_history": [
{
"date": "2020-11-30T08:41:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-30T08:41:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:18:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.1::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_1.x86_64",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_1.x86_64",
"product_id": "thunderbird-0:78.5.0-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64",
"product": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64",
"product_id": "thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.5.0-1.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el8_1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_1.ppc64le",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_1.ppc64le",
"product_id": "thunderbird-0:78.5.0-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"product": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"product_id": "thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.5.0-1.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"product_id": "thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.5.0-1.el8_1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.5.0-1.el8_1.src",
"product": {
"name": "thunderbird-0:78.5.0-1.el8_1.src",
"product_id": "thunderbird-0:78.5.0-1.el8_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.5.0-1.el8_1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_1.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_1.src",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.5.0-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64"
},
"product_reference": "thunderbird-0:78.5.0-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le"
},
"product_reference": "thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
},
"product_reference": "thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Aleksejs Popovs"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-16012",
"cwe": {
"id": "CWE-829",
"name": "Inclusion of Functionality from Untrusted Control Sphere"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898732"
}
],
"notes": [
{
"category": "description",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Variable time processing of cross-origin images during drawImage calls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "RHBZ#1898732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16012",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16012"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:41:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Variable time processing of cross-origin images during drawImage calls"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26951",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898731"
}
],
"notes": [
{
"category": "description",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "RHBZ#1898731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26951"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26951"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:41:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Abdulrahman Alqabandi"
],
"organization": "Microsoft Browser Vulnerability Research",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26953",
"cwe": {
"id": "CWE-451",
"name": "User Interface (UI) Misrepresentation of Critical Information"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898733"
}
],
"notes": [
{
"category": "description",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen could be enabled without displaying the security UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "RHBZ#1898733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26953",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26953"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:41:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen could be enabled without displaying the security UI"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"organization": "@sourc7",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26956",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898734"
}
],
"notes": [
{
"category": "description",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: XSS through paste (manual and clipboard API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "RHBZ#1898734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26956"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:41:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: XSS through paste (manual and clipboard API)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Moti Harmats"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26958",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898735"
}
],
"notes": [
{
"category": "description",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "RHBZ#1898735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26958"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:41:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Bharadwaj Machiraju"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26959",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898736"
}
],
"notes": [
{
"category": "description",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRequestService",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "RHBZ#1898736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26959"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:41:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Use-after-free in WebRequestService"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Zijie Zhao"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26960",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898737"
}
],
"notes": [
{
"category": "description",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free in uses of nsTArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "RHBZ#1898737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898737"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26960"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:41:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Potential use-after-free in uses of nsTArray"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Gabriel Corona"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26961",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898738"
}
],
"notes": [
{
"category": "description",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: DoH did not filter IPv4 mapped IP Addresses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "RHBZ#1898738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26961"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:41:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: DoH did not filter IPv4 mapped IP Addresses"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Makoto Kato"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26965",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898739"
}
],
"notes": [
{
"category": "description",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Software keyboards may have remembered typed passwords",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "RHBZ#1898739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26965"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:41:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Software keyboards may have remembered typed passwords"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers and community"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-26968",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898741"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "RHBZ#1898741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968"
}
],
"release_date": "2020-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-30T08:41:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5231"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.5.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.5.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5"
}
]
}
OPENSUSE-SU-2020:2020-1
Vulnerability from csaf_opensuse - Published: 2020-11-25 20:09 - Updated: 2020-11-25 20:09Summary
Security update for MozillaFirefox
Notes
Title of the patch
Security update for MozillaFirefox
Description of the patch
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.5.0 ESR (bsc#1178824)
* CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
* CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
* CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
* CVE-2020-26956: XSS through paste (manual and clipboard API)
* CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
* CVE-2020-26959: Use-after-free in WebRequestService
* CVE-2020-26960: Potential use-after-free in uses of nsTArray
* CVE-2020-15999: Heap buffer overflow in freetype
* CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
* CVE-2020-26965: Software keyboards may have remembered typed passwords
* CVE-2020-26966: Single-word search queries were also broadcast to local network
* CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2020-2020
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaFirefox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaFirefox fixes the following issues:\n\n- Firefox Extended Support Release 78.5.0 ESR (bsc#1178824)\n * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code\n * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls\n * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI\n * CVE-2020-26956: XSS through paste (manual and clipboard API)\n * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions\n * CVE-2020-26959: Use-after-free in WebRequestService\n * CVE-2020-26960: Potential use-after-free in uses of nsTArray\n * CVE-2020-15999: Heap buffer overflow in freetype\n * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses\n * CVE-2020-26965: Software keyboards may have remembered typed passwords\n * CVE-2020-26966: Single-word search queries were also broadcast to local network\n * CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-2020",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_2020-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:2020-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LK7W6L42GLCUWLGKEJNDWSRASOS3CLIA/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:2020-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LK7W6L42GLCUWLGKEJNDWSRASOS3CLIA/"
},
{
"category": "self",
"summary": "SUSE Bug 1178824",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15999 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-16012 page",
"url": "https://www.suse.com/security/cve/CVE-2020-16012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26951 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26951/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26953 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26956 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26958 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26959 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26959/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26960 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26960/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26961 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26961/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26965 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26965/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26966 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26968 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26968/"
}
],
"title": "Security update for MozillaFirefox",
"tracking": {
"current_release_date": "2020-11-25T20:09:06Z",
"generator": {
"date": "2020-11-25T20:09:06Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:2020-1",
"initial_release_date": "2020-11-25T20:09:06Z",
"revision_history": [
{
"date": "2020-11-25T20:09:06Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"product": {
"name": "MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"product_id": "MozillaFirefox-78.5.0-lp152.2.30.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"product": {
"name": "MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"product_id": "MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"product": {
"name": "MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"product_id": "MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"product": {
"name": "MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"product_id": "MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"product_id": "MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64",
"product_id": "MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.5.0-lp152.2.30.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64"
},
"product_reference": "MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64"
},
"product_reference": "MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64"
},
"product_reference": "MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15999"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15999",
"url": "https://www.suse.com/security/cve/CVE-2020-15999"
},
{
"category": "external",
"summary": "SUSE Bug 1177914 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1177914"
},
{
"category": "external",
"summary": "SUSE Bug 1177936 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1177936"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-25T20:09:06Z",
"details": "important"
}
],
"title": "CVE-2020-15999"
},
{
"cve": "CVE-2020-16012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-16012"
}
],
"notes": [
{
"category": "general",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-16012",
"url": "https://www.suse.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-16012",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-16012",
"url": "https://bugzilla.suse.com/1178894"
},
{
"category": "external",
"summary": "SUSE Bug 1178923 for CVE-2020-16012",
"url": "https://bugzilla.suse.com/1178923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-25T20:09:06Z",
"details": "important"
}
],
"title": "CVE-2020-16012"
},
{
"cve": "CVE-2020-26951",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26951"
}
],
"notes": [
{
"category": "general",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26951",
"url": "https://www.suse.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26951",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26951",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-25T20:09:06Z",
"details": "important"
}
],
"title": "CVE-2020-26951"
},
{
"cve": "CVE-2020-26953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26953"
}
],
"notes": [
{
"category": "general",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26953",
"url": "https://www.suse.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26953",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26953",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-25T20:09:06Z",
"details": "important"
}
],
"title": "CVE-2020-26953"
},
{
"cve": "CVE-2020-26956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26956"
}
],
"notes": [
{
"category": "general",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26956",
"url": "https://www.suse.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26956",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26956",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-25T20:09:06Z",
"details": "important"
}
],
"title": "CVE-2020-26956"
},
{
"cve": "CVE-2020-26958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26958"
}
],
"notes": [
{
"category": "general",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26958",
"url": "https://www.suse.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26958",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26958",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-25T20:09:06Z",
"details": "important"
}
],
"title": "CVE-2020-26958"
},
{
"cve": "CVE-2020-26959",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26959"
}
],
"notes": [
{
"category": "general",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26959",
"url": "https://www.suse.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26959",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26959",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-25T20:09:06Z",
"details": "important"
}
],
"title": "CVE-2020-26959"
},
{
"cve": "CVE-2020-26960",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26960"
}
],
"notes": [
{
"category": "general",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26960",
"url": "https://www.suse.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26960",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26960",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-25T20:09:06Z",
"details": "important"
}
],
"title": "CVE-2020-26960"
},
{
"cve": "CVE-2020-26961",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26961"
}
],
"notes": [
{
"category": "general",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26961",
"url": "https://www.suse.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26961",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26961",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-25T20:09:06Z",
"details": "important"
}
],
"title": "CVE-2020-26961"
},
{
"cve": "CVE-2020-26965",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26965"
}
],
"notes": [
{
"category": "general",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26965",
"url": "https://www.suse.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26965",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26965",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-25T20:09:06Z",
"details": "important"
}
],
"title": "CVE-2020-26965"
},
{
"cve": "CVE-2020-26966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26966"
}
],
"notes": [
{
"category": "general",
"text": "Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26966",
"url": "https://www.suse.com/security/cve/CVE-2020-26966"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26966",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26966",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-25T20:09:06Z",
"details": "important"
}
],
"title": "CVE-2020-26966"
},
{
"cve": "CVE-2020-26968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26968"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26968",
"url": "https://www.suse.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26968",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26968",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.30.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-25T20:09:06Z",
"details": "important"
}
],
"title": "CVE-2020-26968"
}
]
}
OPENSUSE-SU-2024:10600-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
MozillaFirefox-92.0-1.2 on GA media
Notes
Title of the patch
MozillaFirefox-92.0-1.2 on GA media
Description of the patch
These are all security issues fixed in the MozillaFirefox-92.0-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10600
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "MozillaFirefox-92.0-1.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the MozillaFirefox-92.0-1.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10600",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10600-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-6077 page",
"url": "https://www.suse.com/security/cve/CVE-2006-6077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-0008 page",
"url": "https://www.suse.com/security/cve/CVE-2007-0008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-0009 page",
"url": "https://www.suse.com/security/cve/CVE-2007-0009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-0078 page",
"url": "https://www.suse.com/security/cve/CVE-2007-0078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-0079 page",
"url": "https://www.suse.com/security/cve/CVE-2007-0079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-0775 page",
"url": "https://www.suse.com/security/cve/CVE-2007-0775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-0776 page",
"url": "https://www.suse.com/security/cve/CVE-2007-0776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-0777 page",
"url": "https://www.suse.com/security/cve/CVE-2007-0777/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-0780 page",
"url": "https://www.suse.com/security/cve/CVE-2007-0780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-0800 page",
"url": "https://www.suse.com/security/cve/CVE-2007-0800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-0981 page",
"url": "https://www.suse.com/security/cve/CVE-2007-0981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-0995 page",
"url": "https://www.suse.com/security/cve/CVE-2007-0995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-0996 page",
"url": "https://www.suse.com/security/cve/CVE-2007-0996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3089 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3285 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3656 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3656/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3670 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3734 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3735 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3736 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3737 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3737/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3738 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0412 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0412/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0414 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0414/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0415 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0417 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0417/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0418 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0418/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0419 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0419/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0591 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0591/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0592 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0593 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0593/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0594 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0594/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-4063 page",
"url": "https://www.suse.com/security/cve/CVE-2008-4063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-0352 page",
"url": "https://www.suse.com/security/cve/CVE-2009-0352/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-0354 page",
"url": "https://www.suse.com/security/cve/CVE-2009-0354/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-0355 page",
"url": "https://www.suse.com/security/cve/CVE-2009-0355/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-0356 page",
"url": "https://www.suse.com/security/cve/CVE-2009-0356/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-0357 page",
"url": "https://www.suse.com/security/cve/CVE-2009-0357/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-0358 page",
"url": "https://www.suse.com/security/cve/CVE-2009-0358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16541 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16541/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5373 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5373/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5374 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5374/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5375 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5375/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5376 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5376/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5377 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5377/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5378 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5379 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5380 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5380/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5381 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5381/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5382 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5382/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5383 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5383/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5384 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5384/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5385 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5385/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5386 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5387 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5387/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5388 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5388/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5389 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5390 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5390/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5391 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5391/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5392 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5393 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5394 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5394/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5395 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5396 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5398 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5398/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5399 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5399/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5400 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5400/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5401 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5401/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5402 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5403 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5403/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5404 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5404/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5405 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5405/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5406 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5406/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5407 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5407/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5408 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5408/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5410 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5410/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5412 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5412/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5413 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5413/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5414 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5414/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5415 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5416 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5417 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5417/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5418 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5418/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5419 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5419/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5420 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5421 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5422 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5422/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5426 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5426/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5427 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5427/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5428 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5428/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5429 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5429/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5430 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5430/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5432 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5432/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5433 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5433/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5434 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5434/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5435 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5435/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5436 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5437 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5438 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5438/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5439 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5439/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5440 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5440/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5441 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5441/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5442 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5442/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5443 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5443/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5444 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5444/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5445 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5445/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5446 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5446/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5447 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5447/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5448 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5448/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5449 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5449/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5451 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5451/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5453 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5453/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5454 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5454/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5455 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5455/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5456 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5456/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5458 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5458/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5459 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5459/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5460 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5460/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5461 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5461/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5462 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5462/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5464 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5464/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5465 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5466 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5466/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5467 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5468 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5469 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5469/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7753 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7779 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7780 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7781 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7782 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7783 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7783/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7784 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7784/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7785 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7786 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7786/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7787 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7787/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7788 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7788/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7789 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7789/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7790 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7791 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7792 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7793 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7793/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7794 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7796 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7797 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7798 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7799 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7800 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7801 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7801/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7802 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7803 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7803/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7804 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7804/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7805 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7805/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7806 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7807 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7808 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7808/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7809 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7809/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7810 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7811 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7811/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7812 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7813 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7814 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7815 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7816 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7817 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7818 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7819 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7820 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7821 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7822 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7822/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7823 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7824 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7825 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7826 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7827 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7828 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7830 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7831 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7832 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7833 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7834 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7835 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7836 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7837 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7838 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7838/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7839 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7840 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7842 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7842/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7843 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7843/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7844 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12358 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12359 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12359/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12360 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12360/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12361 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12361/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12362 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12363 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12364 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12365 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12365/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12366 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12366/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12367 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12367/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12369 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12369/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12370 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12370/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12371 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12371/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12375 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12375/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12376 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12376/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12377 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12377/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12378 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12379 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12381 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12381/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12382 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12382/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12383 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12383/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12385 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12385/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12386 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12387 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12387/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12388 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12388/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12390 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12390/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12391 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12391/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12392 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12393 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12395 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12396 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12397 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12397/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12398 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12398/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12399 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12399/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12400 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12400/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12401 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12401/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12402 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12403 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12403/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12405 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12405/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12406 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12406/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12407 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12407/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17466 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17466/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18356 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18356/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18492 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18492/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18493 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18493/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18494 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18495 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18495/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18496 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18496/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18497 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18497/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18498 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18498/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18500 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18501 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18501/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18502 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18502/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18503 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18504 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18505 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18506 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18511 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5089 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5090 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5091 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5092 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5092/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5093 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5094 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5094/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5095 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5097 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5098 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5099 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5100 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5101 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5102 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5103 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5104 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5105 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5105/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5106 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5107 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5107/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5108 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5109 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5109/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5110 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5111 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5111/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5112 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5113 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5113/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5114 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5115 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5116 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5116/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5117 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5118 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5119 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5121 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5121/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5122 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5125 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5126 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5127 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5128 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5128/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5129 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5130 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5131 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5131/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5132 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5132/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5133 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5134 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5134/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5135 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5136 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5137 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5137/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5138 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5140 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5141 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5141/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5142 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5143 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5143/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5146 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5146/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5147 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5148 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5150 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5151 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5151/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5152 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5153 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5153/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5154 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5155 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5156 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5157 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5158 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5158/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5159 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5160 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5163 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5164 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5164/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5165 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5165/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5166 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5167 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5167/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5168 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5168/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5169 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5169/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5172 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5172/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5173 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5174 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5174/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5175 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5175/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5176 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5177 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5180 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5181 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5182 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5182/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5186 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5187 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5188 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5188/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6126 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6156 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11691 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11691/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11692 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11693 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11694 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11695 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11695/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11696 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11697 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11698 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11699 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11700 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11701 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11707 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11707/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11708 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11709 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11709/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11710 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11711 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11712 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11712/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11713 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11714 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11715 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11716 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11717 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11717/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11718 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11719 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11720 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11721 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11723 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11724 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11725 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11727 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11728 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11729 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11730 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11733 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11734 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11735 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11736 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11737 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11737/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11738 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11740 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11741 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11742 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11743 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11743/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11744 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11746 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11747 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11747/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11748 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11748/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11749 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11750 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11751 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11752 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11753 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11754 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11756 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11757 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11757/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11759 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11760 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11760/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11761 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11762 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11762/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11763 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11764 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11765 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13722 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15903 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15903/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17000 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17001 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17002 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17005 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17008 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17010 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17011 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17012 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17013 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17014 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17016 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17017 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17020 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17022 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17022/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17023 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17023/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17024 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17024/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17025 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17025/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17026 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17026/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-20503 page",
"url": "https://www.suse.com/security/cve/CVE-2019-20503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5785 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5849 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5849/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7317 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9788 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9788/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9789 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9789/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9790 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9791 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9792 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9793 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9793/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9794 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9795 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9796 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9797 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9798 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9799 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9800 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9801 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9801/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9802 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9803 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9803/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9804 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9804/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9805 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9805/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9806 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9807 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9808 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9808/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9809 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9809/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9810 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9811 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9811/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9812 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9813 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9814 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9815 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9816 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9817 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9818 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9819 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9820 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9821 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12387 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12387/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12388 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12388/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12389 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12390 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12390/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12391 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12391/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12392 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12393 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12394 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12394/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12395 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12396 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12399 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12399/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12400 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12400/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12401 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12401/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12402 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12405 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12405/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12406 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12406/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12407 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12407/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12408 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12408/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12409 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12409/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12411 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12411/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12415 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12416 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12417 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12417/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12418 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12418/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12419 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12419/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12420 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12421 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12422 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12422/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12423 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12423/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12424 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12425 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12426 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12426/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15254 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15254/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15652 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15652/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15653 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15654 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15654/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15655 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15655/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15656 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15656/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15657 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15657/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15658 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15659 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15663 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15663/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15664 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15665 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15666 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15667 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15668 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15670 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15673 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15674 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15674/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15675 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15676 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15677 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15677/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15678 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15680 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15681 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15682 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15682/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15683 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15684 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15969 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15999 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-16012 page",
"url": "https://www.suse.com/security/cve/CVE-2020-16012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-16042 page",
"url": "https://www.suse.com/security/cve/CVE-2020-16042/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-16044 page",
"url": "https://www.suse.com/security/cve/CVE-2020-16044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26950 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26951 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26951/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26952 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26952/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26953 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26954 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26954/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26955 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26955/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26956 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26957 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26958 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26959 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26959/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26960 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26960/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26961 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26961/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26962 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26963 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26963/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26964 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26964/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26965 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26965/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26966 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26967 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26967/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26968 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26969 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26971 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26972 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26973 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26974 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26975 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26975/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26976 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26976/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26977 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26977/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26978 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26979 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35111 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35111/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35112 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35113 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35113/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35114 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6463 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6463/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6514 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6514/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6796 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6797 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6798 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6799 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6800 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6801 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6801/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6805 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6805/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6806 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6807 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6808 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6808/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6809 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6809/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6810 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6811 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6811/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6812 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6813 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6814 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6815 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6819 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6820 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6821 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6822 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6822/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6823 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6824 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6825 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6826 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6829 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6831 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23953 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23954 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23954/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23955 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23955/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23956 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23957 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23958 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23959 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23959/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23960 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23960/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23961 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23961/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23962 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23963 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23963/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23964 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23964/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23965 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23965/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23968 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23969 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23970 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23971 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23972 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23973 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23974 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23975 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23975/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23976 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23976/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23977 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23977/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23978 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23979 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23981 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23982 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23983 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23983/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23984 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23984/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23985 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23985/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23986 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23987 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23988 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23988/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23994 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23995 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23996 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23997 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23998 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23999 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-24000 page",
"url": "https://www.suse.com/security/cve/CVE-2021-24000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-24001 page",
"url": "https://www.suse.com/security/cve/CVE-2021-24001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-24002 page",
"url": "https://www.suse.com/security/cve/CVE-2021-24002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29944 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29944/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29945 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29946 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29946/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29947 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29952 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29952/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29959 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29959/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29960 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29960/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29961 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29961/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29962 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29963 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29963/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29964 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29964/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29965 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29965/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29966 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29967 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29967/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29970 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29971 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29972 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29973 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29974 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29975 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29975/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29976 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29976/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29977 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29977/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29980 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29981 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29982 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29983 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29983/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29984 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29984/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29985 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29985/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29986 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29987 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29988 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29988/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29989 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29989/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29990 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29990/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29991 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29993 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30547 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38491 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38491/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38492 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38492/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38493 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38493/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38494 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38494/"
}
],
"title": "MozillaFirefox-92.0-1.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10600-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-92.0-1.2.aarch64",
"product": {
"name": "MozillaFirefox-92.0-1.2.aarch64",
"product_id": "MozillaFirefox-92.0-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"product": {
"name": "MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"product_id": "MozillaFirefox-branding-upstream-92.0-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-92.0-1.2.aarch64",
"product": {
"name": "MozillaFirefox-devel-92.0-1.2.aarch64",
"product_id": "MozillaFirefox-devel-92.0-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-92.0-1.2.aarch64",
"product": {
"name": "MozillaFirefox-translations-common-92.0-1.2.aarch64",
"product_id": "MozillaFirefox-translations-common-92.0-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-92.0-1.2.aarch64",
"product": {
"name": "MozillaFirefox-translations-other-92.0-1.2.aarch64",
"product_id": "MozillaFirefox-translations-other-92.0-1.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-92.0-1.2.ppc64le",
"product": {
"name": "MozillaFirefox-92.0-1.2.ppc64le",
"product_id": "MozillaFirefox-92.0-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"product": {
"name": "MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"product_id": "MozillaFirefox-branding-upstream-92.0-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-92.0-1.2.ppc64le",
"product": {
"name": "MozillaFirefox-devel-92.0-1.2.ppc64le",
"product_id": "MozillaFirefox-devel-92.0-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"product": {
"name": "MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"product_id": "MozillaFirefox-translations-common-92.0-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"product": {
"name": "MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"product_id": "MozillaFirefox-translations-other-92.0-1.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-92.0-1.2.s390x",
"product": {
"name": "MozillaFirefox-92.0-1.2.s390x",
"product_id": "MozillaFirefox-92.0-1.2.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"product": {
"name": "MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"product_id": "MozillaFirefox-branding-upstream-92.0-1.2.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-92.0-1.2.s390x",
"product": {
"name": "MozillaFirefox-devel-92.0-1.2.s390x",
"product_id": "MozillaFirefox-devel-92.0-1.2.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-92.0-1.2.s390x",
"product": {
"name": "MozillaFirefox-translations-common-92.0-1.2.s390x",
"product_id": "MozillaFirefox-translations-common-92.0-1.2.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-92.0-1.2.s390x",
"product": {
"name": "MozillaFirefox-translations-other-92.0-1.2.s390x",
"product_id": "MozillaFirefox-translations-other-92.0-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-92.0-1.2.x86_64",
"product": {
"name": "MozillaFirefox-92.0-1.2.x86_64",
"product_id": "MozillaFirefox-92.0-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"product": {
"name": "MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"product_id": "MozillaFirefox-branding-upstream-92.0-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-92.0-1.2.x86_64",
"product": {
"name": "MozillaFirefox-devel-92.0-1.2.x86_64",
"product_id": "MozillaFirefox-devel-92.0-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-92.0-1.2.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-92.0-1.2.x86_64",
"product_id": "MozillaFirefox-translations-common-92.0-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-92.0-1.2.x86_64",
"product": {
"name": "MozillaFirefox-translations-other-92.0-1.2.x86_64",
"product_id": "MozillaFirefox-translations-other-92.0-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-92.0-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64"
},
"product_reference": "MozillaFirefox-92.0-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-92.0-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le"
},
"product_reference": "MozillaFirefox-92.0-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-92.0-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x"
},
"product_reference": "MozillaFirefox-92.0-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-92.0-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64"
},
"product_reference": "MozillaFirefox-92.0-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-92.0-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64"
},
"product_reference": "MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-92.0-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le"
},
"product_reference": "MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-92.0-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x"
},
"product_reference": "MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-92.0-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64"
},
"product_reference": "MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-92.0-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64"
},
"product_reference": "MozillaFirefox-devel-92.0-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-92.0-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le"
},
"product_reference": "MozillaFirefox-devel-92.0-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-92.0-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x"
},
"product_reference": "MozillaFirefox-devel-92.0-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-92.0-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64"
},
"product_reference": "MozillaFirefox-devel-92.0-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-92.0-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-92.0-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-92.0-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-92.0-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x"
},
"product_reference": "MozillaFirefox-translations-common-92.0-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-92.0-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-92.0-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-92.0-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64"
},
"product_reference": "MozillaFirefox-translations-other-92.0-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-92.0-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le"
},
"product_reference": "MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-92.0-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x"
},
"product_reference": "MozillaFirefox-translations-other-92.0-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-92.0-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-92.0-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-6077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-6077"
}
],
"notes": [
{
"category": "general",
"text": "The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-6077",
"url": "https://www.suse.com/security/cve/CVE-2006-6077"
},
{
"category": "external",
"summary": "SUSE Bug 244923 for CVE-2006-6077",
"url": "https://bugzilla.suse.com/244923"
},
{
"category": "external",
"summary": "SUSE Bug 550618 for CVE-2006-6077",
"url": "https://bugzilla.suse.com/550618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2006-6077"
},
{
"cve": "CVE-2007-0008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-0008"
}
],
"notes": [
{
"category": "general",
"text": "Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the \"Master Secret\", which results in a heap-based overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-0008",
"url": "https://www.suse.com/security/cve/CVE-2007-0008"
},
{
"category": "external",
"summary": "SUSE Bug 244923 for CVE-2007-0008",
"url": "https://bugzilla.suse.com/244923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-0008"
},
{
"cve": "CVE-2007-0009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-0009"
}
],
"notes": [
{
"category": "general",
"text": "Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid \"Client Master Key\" length values.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-0009",
"url": "https://www.suse.com/security/cve/CVE-2007-0009"
},
{
"category": "external",
"summary": "SUSE Bug 244923 for CVE-2007-0009",
"url": "https://bugzilla.suse.com/244923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-0009"
},
{
"cve": "CVE-2007-0078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-0078"
}
],
"notes": [
{
"category": "general",
"text": "BattleBlog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/blankmaster.mdb.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-0078",
"url": "https://www.suse.com/security/cve/CVE-2007-0078"
},
{
"category": "external",
"summary": "SUSE Bug 244923 for CVE-2007-0078",
"url": "https://bugzilla.suse.com/244923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-0078"
},
{
"cve": "CVE-2007-0079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-0079"
}
],
"notes": [
{
"category": "general",
"text": "rblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/admin.mdb or (2) data/rblog.mdb.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-0079",
"url": "https://www.suse.com/security/cve/CVE-2007-0079"
},
{
"category": "external",
"summary": "SUSE Bug 244923 for CVE-2007-0079",
"url": "https://bugzilla.suse.com/244923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2007-0079"
},
{
"cve": "CVE-2007-0775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-0775"
}
],
"notes": [
{
"category": "general",
"text": "Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-0775",
"url": "https://www.suse.com/security/cve/CVE-2007-0775"
},
{
"category": "external",
"summary": "SUSE Bug 244923 for CVE-2007-0775",
"url": "https://bugzilla.suse.com/244923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2007-0775"
},
{
"cve": "CVE-2007-0776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-0776"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-0776",
"url": "https://www.suse.com/security/cve/CVE-2007-0776"
},
{
"category": "external",
"summary": "SUSE Bug 244923 for CVE-2007-0776",
"url": "https://bugzilla.suse.com/244923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2007-0776"
},
{
"cve": "CVE-2007-0777",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-0777"
}
],
"notes": [
{
"category": "general",
"text": "The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-0777",
"url": "https://www.suse.com/security/cve/CVE-2007-0777"
},
{
"category": "external",
"summary": "SUSE Bug 244923 for CVE-2007-0777",
"url": "https://bugzilla.suse.com/244923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2007-0777"
},
{
"cve": "CVE-2007-0780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-0780"
}
],
"notes": [
{
"category": "general",
"text": "browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-0780",
"url": "https://www.suse.com/security/cve/CVE-2007-0780"
},
{
"category": "external",
"summary": "SUSE Bug 244923 for CVE-2007-0780",
"url": "https://bugzilla.suse.com/244923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-0780"
},
{
"cve": "CVE-2007-0800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-0800"
}
],
"notes": [
{
"category": "general",
"text": "Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-0800",
"url": "https://www.suse.com/security/cve/CVE-2007-0800"
},
{
"category": "external",
"summary": "SUSE Bug 244923 for CVE-2007-0800",
"url": "https://bugzilla.suse.com/244923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-0800"
},
{
"cve": "CVE-2007-0981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-0981"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-0981",
"url": "https://www.suse.com/security/cve/CVE-2007-0981"
},
{
"category": "external",
"summary": "SUSE Bug 244923 for CVE-2007-0981",
"url": "https://bugzilla.suse.com/244923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2007-0981"
},
{
"cve": "CVE-2007-0995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-0995"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-0995",
"url": "https://www.suse.com/security/cve/CVE-2007-0995"
},
{
"category": "external",
"summary": "SUSE Bug 244923 for CVE-2007-0995",
"url": "https://bugzilla.suse.com/244923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-0995"
},
{
"cve": "CVE-2007-0996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-0996"
}
],
"notes": [
{
"category": "general",
"text": "The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-0996",
"url": "https://www.suse.com/security/cve/CVE-2007-0996"
},
{
"category": "external",
"summary": "SUSE Bug 244923 for CVE-2007-0996",
"url": "https://bugzilla.suse.com/244923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-0996"
},
{
"cve": "CVE-2007-3089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3089"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the \"promiscuous IFRAME access bug,\" a related issue to CVE-2006-4568.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3089",
"url": "https://www.suse.com/security/cve/CVE-2007-3089"
},
{
"category": "external",
"summary": "SUSE Bug 288115 for CVE-2007-3089",
"url": "https://bugzilla.suse.com/288115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2007-3089"
},
{
"cve": "CVE-2007-3285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3285"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3285",
"url": "https://www.suse.com/security/cve/CVE-2007-3285"
},
{
"category": "external",
"summary": "SUSE Bug 288115 for CVE-2007-3285",
"url": "https://bugzilla.suse.com/288115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2007-3285"
},
{
"cve": "CVE-2007-3656",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3656"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3656",
"url": "https://www.suse.com/security/cve/CVE-2007-3656"
},
{
"category": "external",
"summary": "SUSE Bug 288115 for CVE-2007-3656",
"url": "https://bugzilla.suse.com/288115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-3656"
},
{
"cve": "CVE-2007-3670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3670"
}
],
"notes": [
{
"category": "general",
"text": "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE\u0027s opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a \"defense in depth\" fix that will \"prevent IE from sending Firefox malicious data.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3670",
"url": "https://www.suse.com/security/cve/CVE-2007-3670"
},
{
"category": "external",
"summary": "SUSE Bug 288115 for CVE-2007-3670",
"url": "https://bugzilla.suse.com/288115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-3670"
},
{
"cve": "CVE-2007-3734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3734"
}
],
"notes": [
{
"category": "general",
"text": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3734",
"url": "https://www.suse.com/security/cve/CVE-2007-3734"
},
{
"category": "external",
"summary": "SUSE Bug 288115 for CVE-2007-3734",
"url": "https://bugzilla.suse.com/288115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2007-3734"
},
{
"cve": "CVE-2007-3735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3735"
}
],
"notes": [
{
"category": "general",
"text": "Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3735",
"url": "https://www.suse.com/security/cve/CVE-2007-3735"
},
{
"category": "external",
"summary": "SUSE Bug 288115 for CVE-2007-3735",
"url": "https://bugzilla.suse.com/288115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2007-3735"
},
{
"cve": "CVE-2007-3736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3736"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script \"into another site\u0027s context\" via a \"timing issue\" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3736",
"url": "https://www.suse.com/security/cve/CVE-2007-3736"
},
{
"category": "external",
"summary": "SUSE Bug 288115 for CVE-2007-3736",
"url": "https://bugzilla.suse.com/288115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-3736"
},
{
"cve": "CVE-2007-3737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3737"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified \"element outside of a document.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3737",
"url": "https://www.suse.com/security/cve/CVE-2007-3737"
},
{
"category": "external",
"summary": "SUSE Bug 288115 for CVE-2007-3737",
"url": "https://bugzilla.suse.com/288115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2007-3737"
},
{
"cve": "CVE-2007-3738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3738"
}
],
"notes": [
{
"category": "general",
"text": "Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3738",
"url": "https://www.suse.com/security/cve/CVE-2007-3738"
},
{
"category": "external",
"summary": "SUSE Bug 288115 for CVE-2007-3738",
"url": "https://bugzilla.suse.com/288115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2007-3738"
},
{
"cve": "CVE-2008-0412",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0412"
}
],
"notes": [
{
"category": "general",
"text": "The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0412",
"url": "https://www.suse.com/security/cve/CVE-2008-0412"
},
{
"category": "external",
"summary": "SUSE Bug 354469 for CVE-2008-0412",
"url": "https://bugzilla.suse.com/354469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2008-0412"
},
{
"cve": "CVE-2008-0414",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0414"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka \"focus spoofing.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0414",
"url": "https://www.suse.com/security/cve/CVE-2008-0414"
},
{
"category": "external",
"summary": "SUSE Bug 354469 for CVE-2008-0414",
"url": "https://bugzilla.suse.com/354469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-0414"
},
{
"cve": "CVE-2008-0415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0415"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka \"JavaScript privilege escalation bugs.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0415",
"url": "https://www.suse.com/security/cve/CVE-2008-0415"
},
{
"category": "external",
"summary": "SUSE Bug 354469 for CVE-2008-0415",
"url": "https://bugzilla.suse.com/354469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-0415"
},
{
"cve": "CVE-2008-0417",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0417"
}
],
"notes": [
{
"category": "general",
"text": "CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user\u0027s password store via newlines that are not properly handled when the user saves a password.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0417",
"url": "https://www.suse.com/security/cve/CVE-2008-0417"
},
{
"category": "external",
"summary": "SUSE Bug 354469 for CVE-2008-0417",
"url": "https://bugzilla.suse.com/354469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-0417"
},
{
"cve": "CVE-2008-0418",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0418"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using \"flat\" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0418",
"url": "https://www.suse.com/security/cve/CVE-2008-0418"
},
{
"category": "external",
"summary": "SUSE Bug 354469 for CVE-2008-0418",
"url": "https://bugzilla.suse.com/354469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-0418"
},
{
"cve": "CVE-2008-0419",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0419"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0419",
"url": "https://www.suse.com/security/cve/CVE-2008-0419"
},
{
"category": "external",
"summary": "SUSE Bug 354469 for CVE-2008-0419",
"url": "https://bugzilla.suse.com/354469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2008-0419"
},
{
"cve": "CVE-2008-0591",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0591"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka the \"dialog refocus bug\" or \"ffclick2\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0591",
"url": "https://www.suse.com/security/cve/CVE-2008-0591"
},
{
"category": "external",
"summary": "SUSE Bug 354469 for CVE-2008-0591",
"url": "https://bugzilla.suse.com/354469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-0591"
},
{
"cve": "CVE-2008-0592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0592"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a \"Content-Disposition: attachment\" and an invalid \"Content-Type: plain/text,\" which prevents Firefox from rendering future plain text files within the browser.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0592",
"url": "https://www.suse.com/security/cve/CVE-2008-0592"
},
{
"category": "external",
"summary": "SUSE Bug 354469 for CVE-2008-0592",
"url": "https://bugzilla.suse.com/354469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-0592"
},
{
"cve": "CVE-2008-0593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0593"
}
],
"notes": [
{
"category": "general",
"text": "Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0593",
"url": "https://www.suse.com/security/cve/CVE-2008-0593"
},
{
"category": "external",
"summary": "SUSE Bug 354469 for CVE-2008-0593",
"url": "https://bugzilla.suse.com/354469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-0593"
},
{
"cve": "CVE-2008-0594",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0594"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0594",
"url": "https://www.suse.com/security/cve/CVE-2008-0594"
},
{
"category": "external",
"summary": "SUSE Bug 354469 for CVE-2008-0594",
"url": "https://bugzilla.suse.com/354469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-0594"
},
{
"cve": "CVE-2008-4063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-4063"
}
],
"notes": [
{
"category": "general",
"text": "Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the \"this\" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the \"g\" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-4063",
"url": "https://www.suse.com/security/cve/CVE-2008-4063"
},
{
"category": "external",
"summary": "SUSE Bug 429179 for CVE-2008-4063",
"url": "https://bugzilla.suse.com/429179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2008-4063"
},
{
"cve": "CVE-2009-0352",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-0352"
}
],
"notes": [
{
"category": "general",
"text": "Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and destruction of arbitrary layout objects by the nsViewManager::Composite function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-0352",
"url": "https://www.suse.com/security/cve/CVE-2009-0352"
},
{
"category": "external",
"summary": "SUSE Bug 470074 for CVE-2009-0352",
"url": "https://bugzilla.suse.com/470074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2009-0352"
},
{
"cve": "CVE-2009-0354",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-0354"
}
],
"notes": [
{
"category": "general",
"text": "Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-0354",
"url": "https://www.suse.com/security/cve/CVE-2009-0354"
},
{
"category": "external",
"summary": "SUSE Bug 470074 for CVE-2009-0354",
"url": "https://bugzilla.suse.com/470074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2009-0354"
},
{
"cve": "CVE-2009-0355",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-0355"
}
],
"notes": [
{
"category": "general",
"text": "components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type=\"file\" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-0355",
"url": "https://www.suse.com/security/cve/CVE-2009-0355"
},
{
"category": "external",
"summary": "SUSE Bug 470074 for CVE-2009-0355",
"url": "https://bugzilla.suse.com/470074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2009-0355"
},
{
"cve": "CVE-2009-0356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-0356"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in a Desktop Entry section of a .desktop file, related to representation of about: URIs as jar:file:// URIs. NOTE: this issue exists because of an incomplete fix for CVE-2008-4582.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-0356",
"url": "https://www.suse.com/security/cve/CVE-2009-0356"
},
{
"category": "external",
"summary": "SUSE Bug 470074 for CVE-2009-0356",
"url": "https://bugzilla.suse.com/470074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2009-0356"
},
{
"cve": "CVE-2009-0357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-0357"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-0357",
"url": "https://www.suse.com/security/cve/CVE-2009-0357"
},
{
"category": "external",
"summary": "SUSE Bug 470074 for CVE-2009-0357",
"url": "https://bugzilla.suse.com/470074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2009-0357"
},
{
"cve": "CVE-2009-0358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-0358"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim\u0027s browser, as demonstrated by reading the response page of an https POST request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-0358",
"url": "https://www.suse.com/security/cve/CVE-2009-0358"
},
{
"category": "external",
"summary": "SUSE Bug 470074 for CVE-2009-0358",
"url": "https://bugzilla.suse.com/470074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2009-0358"
},
{
"cve": "CVE-2017-16541",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16541"
}
],
"notes": [
{
"category": "general",
"text": "Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16541",
"url": "https://www.suse.com/security/cve/CVE-2017-16541"
},
{
"category": "external",
"summary": "SUSE Bug 1066489 for CVE-2017-16541",
"url": "https://bugzilla.suse.com/1066489"
},
{
"category": "external",
"summary": "SUSE Bug 1107343 for CVE-2017-16541",
"url": "https://bugzilla.suse.com/1107343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-16541"
},
{
"cve": "CVE-2017-5373",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5373"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5373",
"url": "https://www.suse.com/security/cve/CVE-2017-5373"
},
{
"category": "external",
"summary": "SUSE Bug 1021824 for CVE-2017-5373",
"url": "https://bugzilla.suse.com/1021824"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5373",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5373"
},
{
"cve": "CVE-2017-5374",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5374"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5374",
"url": "https://www.suse.com/security/cve/CVE-2017-5374"
},
{
"category": "external",
"summary": "SUSE Bug 1021841 for CVE-2017-5374",
"url": "https://bugzilla.suse.com/1021841"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5374",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5374"
},
{
"cve": "CVE-2017-5375",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5375"
}
],
"notes": [
{
"category": "general",
"text": "JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5375",
"url": "https://www.suse.com/security/cve/CVE-2017-5375"
},
{
"category": "external",
"summary": "SUSE Bug 1021814 for CVE-2017-5375",
"url": "https://bugzilla.suse.com/1021814"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5375",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5375"
},
{
"cve": "CVE-2017-5376",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5376"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5376",
"url": "https://www.suse.com/security/cve/CVE-2017-5376"
},
{
"category": "external",
"summary": "SUSE Bug 1021817 for CVE-2017-5376",
"url": "https://bugzilla.suse.com/1021817"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5376",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5376"
},
{
"cve": "CVE-2017-5377",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5377"
}
],
"notes": [
{
"category": "general",
"text": "A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This vulnerability affects Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5377",
"url": "https://www.suse.com/security/cve/CVE-2017-5377"
},
{
"category": "external",
"summary": "SUSE Bug 1021826 for CVE-2017-5377",
"url": "https://bugzilla.suse.com/1021826"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5377",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5377"
},
{
"cve": "CVE-2017-5378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5378"
}
],
"notes": [
{
"category": "general",
"text": "Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object\u0027s address can be discovered through hash codes, and also allows for data leakage of an object\u0027s content using these hash codes. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5378",
"url": "https://www.suse.com/security/cve/CVE-2017-5378"
},
{
"category": "external",
"summary": "SUSE Bug 1021818 for CVE-2017-5378",
"url": "https://bugzilla.suse.com/1021818"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5378",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5378"
},
{
"cve": "CVE-2017-5379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5379"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5379",
"url": "https://www.suse.com/security/cve/CVE-2017-5379"
},
{
"category": "external",
"summary": "SUSE Bug 1021827 for CVE-2017-5379",
"url": "https://bugzilla.suse.com/1021827"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5379",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5379"
},
{
"cve": "CVE-2017-5380",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5380"
}
],
"notes": [
{
"category": "general",
"text": "A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5380",
"url": "https://www.suse.com/security/cve/CVE-2017-5380"
},
{
"category": "external",
"summary": "SUSE Bug 1021819 for CVE-2017-5380",
"url": "https://bugzilla.suse.com/1021819"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5380",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5380"
},
{
"cve": "CVE-2017-5381",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5381"
}
],
"notes": [
{
"category": "general",
"text": "The \"export\" function in the Certificate Viewer can force local filesystem navigation when the \"common name\" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. This vulnerability affects Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5381",
"url": "https://www.suse.com/security/cve/CVE-2017-5381"
},
{
"category": "external",
"summary": "SUSE Bug 1021830 for CVE-2017-5381",
"url": "https://bugzilla.suse.com/1021830"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5381",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5381"
},
{
"cve": "CVE-2017-5382",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5382"
}
],
"notes": [
{
"category": "general",
"text": "Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5382",
"url": "https://www.suse.com/security/cve/CVE-2017-5382"
},
{
"category": "external",
"summary": "SUSE Bug 1021831 for CVE-2017-5382",
"url": "https://bugzilla.suse.com/1021831"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5382",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5382"
},
{
"cve": "CVE-2017-5383",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5383"
}
],
"notes": [
{
"category": "general",
"text": "URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5383",
"url": "https://www.suse.com/security/cve/CVE-2017-5383"
},
{
"category": "external",
"summary": "SUSE Bug 1021822 for CVE-2017-5383",
"url": "https://bugzilla.suse.com/1021822"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5383",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5383"
},
{
"cve": "CVE-2017-5384",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5384"
}
],
"notes": [
{
"category": "general",
"text": "Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. This vulnerability affects Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5384",
"url": "https://www.suse.com/security/cve/CVE-2017-5384"
},
{
"category": "external",
"summary": "SUSE Bug 1021832 for CVE-2017-5384",
"url": "https://bugzilla.suse.com/1021832"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5384",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5384"
},
{
"cve": "CVE-2017-5385",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5385"
}
],
"notes": [
{
"category": "general",
"text": "Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. This vulnerability affects Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5385",
"url": "https://www.suse.com/security/cve/CVE-2017-5385"
},
{
"category": "external",
"summary": "SUSE Bug 1021833 for CVE-2017-5385",
"url": "https://bugzilla.suse.com/1021833"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5385",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5385"
},
{
"cve": "CVE-2017-5386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5386"
}
],
"notes": [
{
"category": "general",
"text": "WebExtension scripts can use the \"data:\" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR \u003c 45.7 and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5386",
"url": "https://www.suse.com/security/cve/CVE-2017-5386"
},
{
"category": "external",
"summary": "SUSE Bug 1021823 for CVE-2017-5386",
"url": "https://bugzilla.suse.com/1021823"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5386",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-5386"
},
{
"cve": "CVE-2017-5387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5387"
}
],
"notes": [
{
"category": "general",
"text": "The existence of a specifically requested local file can be found due to the double firing of the \"onerror\" when the \"source\" attribute on a \"\u003ctrack\u003e\" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5387",
"url": "https://www.suse.com/security/cve/CVE-2017-5387"
},
{
"category": "external",
"summary": "SUSE Bug 1021839 for CVE-2017-5387",
"url": "https://bugzilla.suse.com/1021839"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5387",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-5387"
},
{
"cve": "CVE-2017-5388",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5388"
}
],
"notes": [
{
"category": "general",
"text": "A STUN server in conjunction with a large number of \"webkitRTCPeerConnection\" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. This vulnerability affects Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5388",
"url": "https://www.suse.com/security/cve/CVE-2017-5388"
},
{
"category": "external",
"summary": "SUSE Bug 1021840 for CVE-2017-5388",
"url": "https://bugzilla.suse.com/1021840"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5388",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5388"
},
{
"cve": "CVE-2017-5389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5389"
}
],
"notes": [
{
"category": "general",
"text": "WebExtensions could use the \"mozAddonManager\" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5389",
"url": "https://www.suse.com/security/cve/CVE-2017-5389"
},
{
"category": "external",
"summary": "SUSE Bug 1021828 for CVE-2017-5389",
"url": "https://bugzilla.suse.com/1021828"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5389",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5389"
},
{
"cve": "CVE-2017-5390",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5390"
}
],
"notes": [
{
"category": "general",
"text": "The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5390",
"url": "https://www.suse.com/security/cve/CVE-2017-5390"
},
{
"category": "external",
"summary": "SUSE Bug 1021820 for CVE-2017-5390",
"url": "https://bugzilla.suse.com/1021820"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5390",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5390"
},
{
"cve": "CVE-2017-5391",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5391"
}
],
"notes": [
{
"category": "general",
"text": "Special \"about:\" pages used by web content, such as RSS feeds, can load privileged \"about:\" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. This vulnerability affects Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5391",
"url": "https://www.suse.com/security/cve/CVE-2017-5391"
},
{
"category": "external",
"summary": "SUSE Bug 1021835 for CVE-2017-5391",
"url": "https://bugzilla.suse.com/1021835"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5391",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5391"
},
{
"cve": "CVE-2017-5392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5392"
}
],
"notes": [
{
"category": "general",
"text": "Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5392",
"url": "https://www.suse.com/security/cve/CVE-2017-5392"
},
{
"category": "external",
"summary": "SUSE Bug 1021836 for CVE-2017-5392",
"url": "https://bugzilla.suse.com/1021836"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5392"
},
{
"cve": "CVE-2017-5393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5393"
}
],
"notes": [
{
"category": "general",
"text": "The \"mozAddonManager\" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. This vulnerability affects Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5393",
"url": "https://www.suse.com/security/cve/CVE-2017-5393"
},
{
"category": "external",
"summary": "SUSE Bug 1021837 for CVE-2017-5393",
"url": "https://bugzilla.suse.com/1021837"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5393",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5393"
},
{
"cve": "CVE-2017-5394",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5394"
}
],
"notes": [
{
"category": "general",
"text": "A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5394",
"url": "https://www.suse.com/security/cve/CVE-2017-5394"
},
{
"category": "external",
"summary": "SUSE Bug 1021834 for CVE-2017-5394",
"url": "https://bugzilla.suse.com/1021834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5394"
},
{
"cve": "CVE-2017-5395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5395"
}
],
"notes": [
{
"category": "general",
"text": "Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5395",
"url": "https://www.suse.com/security/cve/CVE-2017-5395"
},
{
"category": "external",
"summary": "SUSE Bug 1021838 for CVE-2017-5395",
"url": "https://bugzilla.suse.com/1021838"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5395"
},
{
"cve": "CVE-2017-5396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5396"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5396",
"url": "https://www.suse.com/security/cve/CVE-2017-5396"
},
{
"category": "external",
"summary": "SUSE Bug 1021821 for CVE-2017-5396",
"url": "https://bugzilla.suse.com/1021821"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5396",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5396"
},
{
"cve": "CVE-2017-5398",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5398"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 52, Firefox ESR \u003c 45.8, Thunderbird \u003c 52, and Thunderbird \u003c 45.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5398",
"url": "https://www.suse.com/security/cve/CVE-2017-5398"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5398",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5398",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5398"
},
{
"cve": "CVE-2017-5399",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5399"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5399",
"url": "https://www.suse.com/security/cve/CVE-2017-5399"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5399",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5399",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5399"
},
{
"cve": "CVE-2017-5400",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5400"
}
],
"notes": [
{
"category": "general",
"text": "JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox \u003c 52, Firefox ESR \u003c 45.8, Thunderbird \u003c 52, and Thunderbird \u003c 45.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5400",
"url": "https://www.suse.com/security/cve/CVE-2017-5400"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5400",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5400",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5400"
},
{
"cve": "CVE-2017-5401",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5401"
}
],
"notes": [
{
"category": "general",
"text": "A crash triggerable by web content in which an \"ErrorResult\" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox \u003c 52, Firefox ESR \u003c 45.8, Thunderbird \u003c 52, and Thunderbird \u003c 45.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5401",
"url": "https://www.suse.com/security/cve/CVE-2017-5401"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5401",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5401",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5401"
},
{
"cve": "CVE-2017-5402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5402"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free can occur when events are fired for a \"FontFace\" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 52, Firefox ESR \u003c 45.8, Thunderbird \u003c 52, and Thunderbird \u003c 45.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5402",
"url": "https://www.suse.com/security/cve/CVE-2017-5402"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5402",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5402",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5402"
},
{
"cve": "CVE-2017-5403",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5403"
}
],
"notes": [
{
"category": "general",
"text": "When adding a range to an object in the DOM, it is possible to use \"addRange\" to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5403",
"url": "https://www.suse.com/security/cve/CVE-2017-5403"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5403",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5403",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5403"
},
{
"cve": "CVE-2017-5404",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5404"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 52, Firefox ESR \u003c 45.8, Thunderbird \u003c 52, and Thunderbird \u003c 45.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5404",
"url": "https://www.suse.com/security/cve/CVE-2017-5404"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5404",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5404",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5404"
},
{
"cve": "CVE-2017-5405",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5405"
}
],
"notes": [
{
"category": "general",
"text": "Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox \u003c 52, Firefox ESR \u003c 45.8, Thunderbird \u003c 52, and Thunderbird \u003c 45.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5405",
"url": "https://www.suse.com/security/cve/CVE-2017-5405"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5405",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5405",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5405"
},
{
"cve": "CVE-2017-5406",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5406"
}
],
"notes": [
{
"category": "general",
"text": "A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5406",
"url": "https://www.suse.com/security/cve/CVE-2017-5406"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5406",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5406",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5406"
},
{
"cve": "CVE-2017-5407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5407"
}
],
"notes": [
{
"category": "general",
"text": "Using SVG filters that don\u0027t use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox \u003c 52, Firefox ESR \u003c 45.8, Thunderbird \u003c 52, and Thunderbird \u003c 45.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5407",
"url": "https://www.suse.com/security/cve/CVE-2017-5407"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5407",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5407",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5407"
},
{
"cve": "CVE-2017-5408",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5408"
}
],
"notes": [
{
"category": "general",
"text": "Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox \u003c 52, Firefox ESR \u003c 45.8, Thunderbird \u003c 52, and Thunderbird \u003c 45.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5408",
"url": "https://www.suse.com/security/cve/CVE-2017-5408"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5408",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5408",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5408"
},
{
"cve": "CVE-2017-5410",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5410"
}
],
"notes": [
{
"category": "general",
"text": "Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox \u003c 52, Firefox ESR \u003c 45.8, Thunderbird \u003c 52, and Thunderbird \u003c 45.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5410",
"url": "https://www.suse.com/security/cve/CVE-2017-5410"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5410",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5410",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5410"
},
{
"cve": "CVE-2017-5412",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5412"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5412",
"url": "https://www.suse.com/security/cve/CVE-2017-5412"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5412",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5412",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5412"
},
{
"cve": "CVE-2017-5413",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5413"
}
],
"notes": [
{
"category": "general",
"text": "A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5413",
"url": "https://www.suse.com/security/cve/CVE-2017-5413"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5413",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5413",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5413"
},
{
"cve": "CVE-2017-5414",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5414"
}
],
"notes": [
{
"category": "general",
"text": "The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5414",
"url": "https://www.suse.com/security/cve/CVE-2017-5414"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5414",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5414",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5414"
},
{
"cve": "CVE-2017-5415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5415"
}
],
"notes": [
{
"category": "general",
"text": "An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by \"blob:\" as the protocol, leading to user confusion and further spoofing attacks. This vulnerability affects Firefox \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5415",
"url": "https://www.suse.com/security/cve/CVE-2017-5415"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5415",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5415",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5415"
},
{
"cve": "CVE-2017-5416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5416"
}
],
"notes": [
{
"category": "general",
"text": "In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5416",
"url": "https://www.suse.com/security/cve/CVE-2017-5416"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5416",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5416",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5416"
},
{
"cve": "CVE-2017-5417",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5417"
}
],
"notes": [
{
"category": "general",
"text": "When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. This vulnerability affects Firefox \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5417",
"url": "https://www.suse.com/security/cve/CVE-2017-5417"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5417",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5417",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5417"
},
{
"cve": "CVE-2017-5418",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5418"
}
],
"notes": [
{
"category": "general",
"text": "An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5418",
"url": "https://www.suse.com/security/cve/CVE-2017-5418"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5418",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5418",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5418"
},
{
"cve": "CVE-2017-5419",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5419"
}
],
"notes": [
{
"category": "general",
"text": "If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5419",
"url": "https://www.suse.com/security/cve/CVE-2017-5419"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5419",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5419",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5419"
},
{
"cve": "CVE-2017-5420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5420"
}
],
"notes": [
{
"category": "general",
"text": "A \"javascript:\" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page\u0027s address being displayed correctly. This vulnerability affects Firefox \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5420",
"url": "https://www.suse.com/security/cve/CVE-2017-5420"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5420",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5420",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5420"
},
{
"cve": "CVE-2017-5421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5421"
}
],
"notes": [
{
"category": "general",
"text": "A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5421",
"url": "https://www.suse.com/security/cve/CVE-2017-5421"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5421",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5421",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5421"
},
{
"cve": "CVE-2017-5422",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5422"
}
],
"notes": [
{
"category": "general",
"text": "If a malicious site uses the \"view-source:\" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making \"view-source:\" linkable. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5422",
"url": "https://www.suse.com/security/cve/CVE-2017-5422"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5422",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5422",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5422"
},
{
"cve": "CVE-2017-5426",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5426"
}
],
"notes": [
{
"category": "general",
"text": "On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox. Note: this issue only affects Linux. Other operating systems are not affected. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5426",
"url": "https://www.suse.com/security/cve/CVE-2017-5426"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5426",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5426",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5426"
},
{
"cve": "CVE-2017-5427",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5427"
}
],
"notes": [
{
"category": "general",
"text": "A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files. This vulnerability affects Firefox \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5427",
"url": "https://www.suse.com/security/cve/CVE-2017-5427"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5427",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5427",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5427"
},
{
"cve": "CVE-2017-5428",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5428"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow in \"createImageBitmap()\" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the \"createImageBitmap\" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user\u0027s computer. This vulnerability affects Firefox ESR \u003c 52.0.1 and Firefox \u003c 52.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5428",
"url": "https://www.suse.com/security/cve/CVE-2017-5428"
},
{
"category": "external",
"summary": "SUSE Bug 1029822 for CVE-2017-5428",
"url": "https://bugzilla.suse.com/1029822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5428"
},
{
"cve": "CVE-2017-5429",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5429"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5429",
"url": "https://www.suse.com/security/cve/CVE-2017-5429"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5429",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5429",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5429"
},
{
"cve": "CVE-2017-5430",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5430"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5430",
"url": "https://www.suse.com/security/cve/CVE-2017-5430"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5430",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5430",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5430"
},
{
"cve": "CVE-2017-5432",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5432"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5432",
"url": "https://www.suse.com/security/cve/CVE-2017-5432"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5432",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5432",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5432"
},
{
"cve": "CVE-2017-5433",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5433"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5433",
"url": "https://www.suse.com/security/cve/CVE-2017-5433"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5433",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5433",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5433"
},
{
"cve": "CVE-2017-5434",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5434"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5434",
"url": "https://www.suse.com/security/cve/CVE-2017-5434"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5434",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5434",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5434"
},
{
"cve": "CVE-2017-5435",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5435"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5435",
"url": "https://www.suse.com/security/cve/CVE-2017-5435"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5435",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5435",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5435"
},
{
"cve": "CVE-2017-5436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5436"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5436",
"url": "https://www.suse.com/security/cve/CVE-2017-5436"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5436",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035204 for CVE-2017-5436",
"url": "https://bugzilla.suse.com/1035204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5436"
},
{
"cve": "CVE-2017-5437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5437"
}
],
"notes": [
{
"category": "general",
"text": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10195, CVE-2016-10196, CVE-2016-10197. Reason: This candidate is a duplicate of CVE-2016-10195, CVE-2016-10196, and CVE-2016-10197. Notes: All CVE users should reference CVE-2016-10195, CVE-2016-10196, and/or CVE-2016-10197 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5437",
"url": "https://www.suse.com/security/cve/CVE-2017-5437"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5437",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5437",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5437"
},
{
"cve": "CVE-2017-5438",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5438"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5438",
"url": "https://www.suse.com/security/cve/CVE-2017-5438"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5438",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5438",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5438"
},
{
"cve": "CVE-2017-5439",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5439"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5439",
"url": "https://www.suse.com/security/cve/CVE-2017-5439"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5439",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5439",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5439"
},
{
"cve": "CVE-2017-5440",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5440"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5440",
"url": "https://www.suse.com/security/cve/CVE-2017-5440"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5440",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5440",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5440"
},
{
"cve": "CVE-2017-5441",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5441"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5441",
"url": "https://www.suse.com/security/cve/CVE-2017-5441"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5441",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5441",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5441"
},
{
"cve": "CVE-2017-5442",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5442"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5442",
"url": "https://www.suse.com/security/cve/CVE-2017-5442"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5442",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5442",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5442"
},
{
"cve": "CVE-2017-5443",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5443"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5443",
"url": "https://www.suse.com/security/cve/CVE-2017-5443"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5443",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5443",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5443"
},
{
"cve": "CVE-2017-5444",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5444"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow vulnerability while parsing \"application/http-index-format\" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5444",
"url": "https://www.suse.com/security/cve/CVE-2017-5444"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5444",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5444",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5444"
},
{
"cve": "CVE-2017-5445",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5445"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability while parsing \"application/http-index-format\" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5445",
"url": "https://www.suse.com/security/cve/CVE-2017-5445"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5445",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5445",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5445"
},
{
"cve": "CVE-2017-5446",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5446"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read when an HTTP/2 connection to a servers sends \"DATA\" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5446",
"url": "https://www.suse.com/security/cve/CVE-2017-5446"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5446",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5446",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5446"
},
{
"cve": "CVE-2017-5447",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5447"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5447",
"url": "https://www.suse.com/security/cve/CVE-2017-5447"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5447",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5447",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5447"
},
{
"cve": "CVE-2017-5448",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5448"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds write in \"ClearKeyDecryptor\" while decrypting some Clearkey-encrypted media content. The \"ClearKeyDecryptor\" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5448",
"url": "https://www.suse.com/security/cve/CVE-2017-5448"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5448",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5448",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5448"
},
{
"cve": "CVE-2017-5449",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5449"
}
],
"notes": [
{
"category": "general",
"text": "A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5449",
"url": "https://www.suse.com/security/cve/CVE-2017-5449"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5449",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5449",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5449"
},
{
"cve": "CVE-2017-5451",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5451"
}
],
"notes": [
{
"category": "general",
"text": "A mechanism to spoof the addressbar through the user interaction on the addressbar and the \"onblur\" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5451",
"url": "https://www.suse.com/security/cve/CVE-2017-5451"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5451",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5451",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5451"
},
{
"cve": "CVE-2017-5453",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5453"
}
],
"notes": [
{
"category": "general",
"text": "A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed\u0027s \"TITLE\" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5453",
"url": "https://www.suse.com/security/cve/CVE-2017-5453"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5453",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5453",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5453"
},
{
"cve": "CVE-2017-5454",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5454"
}
],
"notes": [
{
"category": "general",
"text": "A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5454",
"url": "https://www.suse.com/security/cve/CVE-2017-5454"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5454",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5454",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-5454"
},
{
"cve": "CVE-2017-5455",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5455"
}
],
"notes": [
{
"category": "general",
"text": "The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR \u003c 52.1 and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5455",
"url": "https://www.suse.com/security/cve/CVE-2017-5455"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5455",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5455",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5455"
},
{
"cve": "CVE-2017-5456",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5456"
}
],
"notes": [
{
"category": "general",
"text": "A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR \u003c 52.1 and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5456",
"url": "https://www.suse.com/security/cve/CVE-2017-5456"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5456",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5456",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5456"
},
{
"cve": "CVE-2017-5458",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5458"
}
],
"notes": [
{
"category": "general",
"text": "When a \"javascript:\" URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themselves. This vulnerability affects Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5458",
"url": "https://www.suse.com/security/cve/CVE-2017-5458"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5458",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5458",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5458"
},
{
"cve": "CVE-2017-5459",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5459"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5459",
"url": "https://www.suse.com/security/cve/CVE-2017-5459"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5459",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5459",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5459"
},
{
"cve": "CVE-2017-5460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5460"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5460",
"url": "https://www.suse.com/security/cve/CVE-2017-5460"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5460",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5460",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5460"
},
{
"cve": "CVE-2017-5461",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5461"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5461",
"url": "https://www.suse.com/security/cve/CVE-2017-5461"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5461",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5461",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5461"
},
{
"cve": "CVE-2017-5462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5462"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5462",
"url": "https://www.suse.com/security/cve/CVE-2017-5462"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5462",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5462",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5462"
},
{
"cve": "CVE-2017-5464",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5464"
}
],
"notes": [
{
"category": "general",
"text": "During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5464",
"url": "https://www.suse.com/security/cve/CVE-2017-5464"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5464",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5464",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5464"
},
{
"cve": "CVE-2017-5465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5465"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read while processing SVG content in \"ConvolvePixel\". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5465",
"url": "https://www.suse.com/security/cve/CVE-2017-5465"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5465",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5465",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5465"
},
{
"cve": "CVE-2017-5466",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5466"
}
],
"notes": [
{
"category": "general",
"text": "If a page is loaded from an original site through a hyperlink and contains a redirect to a \"data:text/html\" URL, triggering a reload will run the reloaded \"data:text/html\" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5466",
"url": "https://www.suse.com/security/cve/CVE-2017-5466"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5466",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5466",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5466"
},
{
"cve": "CVE-2017-5467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5467"
}
],
"notes": [
{
"category": "general",
"text": "A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5467",
"url": "https://www.suse.com/security/cve/CVE-2017-5467"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5467",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5467",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5467"
},
{
"cve": "CVE-2017-5468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5468"
}
],
"notes": [
{
"category": "general",
"text": "An issue with incorrect ownership model of \"privateBrowsing\" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vulnerability affects Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5468",
"url": "https://www.suse.com/security/cve/CVE-2017-5468"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5468",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5468",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5468"
},
{
"cve": "CVE-2017-5469",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5469"
}
],
"notes": [
{
"category": "general",
"text": "Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5469",
"url": "https://www.suse.com/security/cve/CVE-2017-5469"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5469",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5469",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5469"
},
{
"cve": "CVE-2017-7753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7753"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7753",
"url": "https://www.suse.com/security/cve/CVE-2017-7753"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7753",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7753"
},
{
"cve": "CVE-2017-7779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7779"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7779",
"url": "https://www.suse.com/security/cve/CVE-2017-7779"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7779",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7779"
},
{
"cve": "CVE-2017-7780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7780"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7780",
"url": "https://www.suse.com/security/cve/CVE-2017-7780"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7780",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7780"
},
{
"cve": "CVE-2017-7781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7781"
}
],
"notes": [
{
"category": "general",
"text": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7781",
"url": "https://www.suse.com/security/cve/CVE-2017-7781"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7781",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7781"
},
{
"cve": "CVE-2017-7782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7782"
}
],
"notes": [
{
"category": "general",
"text": "An error in the \"WindowsDllDetourPatcher\" where a RWX (\"Read/Write/Execute\") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7782",
"url": "https://www.suse.com/security/cve/CVE-2017-7782"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7782",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-7782"
},
{
"cve": "CVE-2017-7783",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7783"
}
],
"notes": [
{
"category": "general",
"text": "If a long user name is used in a username/password combination in a site URL (such as \" http://UserName:Password@example.com\"), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service. This vulnerability affects Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7783",
"url": "https://www.suse.com/security/cve/CVE-2017-7783"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7783",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7783"
},
{
"cve": "CVE-2017-7784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7784"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7784",
"url": "https://www.suse.com/security/cve/CVE-2017-7784"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7784",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7784"
},
{
"cve": "CVE-2017-7785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7785"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7785",
"url": "https://www.suse.com/security/cve/CVE-2017-7785"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7785",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7785"
},
{
"cve": "CVE-2017-7786",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7786"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7786",
"url": "https://www.suse.com/security/cve/CVE-2017-7786"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7786",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7786"
},
{
"cve": "CVE-2017-7787",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7787"
}
],
"notes": [
{
"category": "general",
"text": "Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7787",
"url": "https://www.suse.com/security/cve/CVE-2017-7787"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7787",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7787"
},
{
"cve": "CVE-2017-7788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7788"
}
],
"notes": [
{
"category": "general",
"text": "When an \"iframe\" has a \"sandbox\" attribute and its content is specified using \"srcdoc\", that content does not inherit the containing page\u0027s Content Security Policy (CSP) as it should unless the sandbox attribute included \"allow-same-origin\". This vulnerability affects Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7788",
"url": "https://www.suse.com/security/cve/CVE-2017-7788"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7788",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7788"
},
{
"cve": "CVE-2017-7789",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7789"
}
],
"notes": [
{
"category": "general",
"text": "If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7789",
"url": "https://www.suse.com/security/cve/CVE-2017-7789"
},
{
"category": "external",
"summary": "SUSE Bug 1047281 for CVE-2017-7789",
"url": "https://bugzilla.suse.com/1047281"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7789",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-7789"
},
{
"cve": "CVE-2017-7790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7790"
}
],
"notes": [
{
"category": "general",
"text": "On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can potentially contain private data from the local system. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7790",
"url": "https://www.suse.com/security/cve/CVE-2017-7790"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7790",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-7790"
},
{
"cve": "CVE-2017-7791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7791"
}
],
"notes": [
{
"category": "general",
"text": "On pages containing an iframe, the \"data:\" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7791",
"url": "https://www.suse.com/security/cve/CVE-2017-7791"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7791",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7791"
},
{
"cve": "CVE-2017-7792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7792"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7792",
"url": "https://www.suse.com/security/cve/CVE-2017-7792"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7792",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7792"
},
{
"cve": "CVE-2017-7793",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7793"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox \u003c 56, Firefox ESR \u003c 52.4, and Thunderbird \u003c 52.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7793",
"url": "https://www.suse.com/security/cve/CVE-2017-7793"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7793",
"url": "https://bugzilla.suse.com/1060445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7793"
},
{
"cve": "CVE-2017-7794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7794"
}
],
"notes": [
{
"category": "general",
"text": "On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions. Note: This attack only affects the Linux operating system. Other operating systems are not affected. This vulnerability affects Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7794",
"url": "https://www.suse.com/security/cve/CVE-2017-7794"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7794",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7794"
},
{
"cve": "CVE-2017-7796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7796"
}
],
"notes": [
{
"category": "general",
"text": "On Windows systems, the logger run by the Windows updater deletes the file \"update.log\" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete a different file named \"update.log\" instead of the one intended. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7796",
"url": "https://www.suse.com/security/cve/CVE-2017-7796"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7796",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-7796"
},
{
"cve": "CVE-2017-7797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7797"
}
],
"notes": [
{
"category": "general",
"text": "Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin. This vulnerability affects Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7797",
"url": "https://www.suse.com/security/cve/CVE-2017-7797"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7797",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7797"
},
{
"cve": "CVE-2017-7798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7798"
}
],
"notes": [
{
"category": "general",
"text": "The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR \u003c 52.3 and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7798",
"url": "https://www.suse.com/security/cve/CVE-2017-7798"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7798",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7798"
},
{
"cve": "CVE-2017-7799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7799"
}
],
"notes": [
{
"category": "general",
"text": "JavaScript in the \"about:webrtc\" page is not sanitized properly being assigned to \"innerHTML\". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting (XSS) attack. This vulnerability affects Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7799",
"url": "https://www.suse.com/security/cve/CVE-2017-7799"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7799",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7799"
},
{
"cve": "CVE-2017-7800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7800"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7800",
"url": "https://www.suse.com/security/cve/CVE-2017-7800"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7800",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7800"
},
{
"cve": "CVE-2017-7801",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7801"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur while re-computing layout for a \"marquee\" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7801",
"url": "https://www.suse.com/security/cve/CVE-2017-7801"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7801",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7801"
},
{
"cve": "CVE-2017-7802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7802"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7802",
"url": "https://www.suse.com/security/cve/CVE-2017-7802"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7802",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7802"
},
{
"cve": "CVE-2017-7803",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7803"
}
],
"notes": [
{
"category": "general",
"text": "When a page\u0027s content security policy (CSP) header contains a \"sandbox\" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7803",
"url": "https://www.suse.com/security/cve/CVE-2017-7803"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7803",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7803"
},
{
"cve": "CVE-2017-7804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7804"
}
],
"notes": [
{
"category": "general",
"text": "The destructor function for the \"WindowsDllDetourPatcher\" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7804",
"url": "https://www.suse.com/security/cve/CVE-2017-7804"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7804",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7804"
},
{
"cve": "CVE-2017-7805",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7805"
}
],
"notes": [
{
"category": "general",
"text": "During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox \u003c 56, Firefox ESR \u003c 52.4, and Thunderbird \u003c 52.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7805",
"url": "https://www.suse.com/security/cve/CVE-2017-7805"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7805",
"url": "https://bugzilla.suse.com/1060445"
},
{
"category": "external",
"summary": "SUSE Bug 1061005 for CVE-2017-7805",
"url": "https://bugzilla.suse.com/1061005"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7805"
},
{
"cve": "CVE-2017-7806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7806"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash. This vulnerability affects Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7806",
"url": "https://www.suse.com/security/cve/CVE-2017-7806"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7806",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7806"
},
{
"cve": "CVE-2017-7807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7807"
}
],
"notes": [
{
"category": "general",
"text": "A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7807",
"url": "https://www.suse.com/security/cve/CVE-2017-7807"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7807",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7807"
},
{
"cve": "CVE-2017-7808",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7808"
}
],
"notes": [
{
"category": "general",
"text": "A content security policy (CSP) \"frame-ancestors\" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. This vulnerability affects Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7808",
"url": "https://www.suse.com/security/cve/CVE-2017-7808"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7808",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7808"
},
{
"cve": "CVE-2017-7809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7809"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7809",
"url": "https://www.suse.com/security/cve/CVE-2017-7809"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7809",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7809"
},
{
"cve": "CVE-2017-7810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7810"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 56, Firefox ESR \u003c 52.4, and Thunderbird \u003c 52.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7810",
"url": "https://www.suse.com/security/cve/CVE-2017-7810"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7810",
"url": "https://bugzilla.suse.com/1060445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7810"
},
{
"cve": "CVE-2017-7811",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7811"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 55. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 56.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7811",
"url": "https://www.suse.com/security/cve/CVE-2017-7811"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7811",
"url": "https://bugzilla.suse.com/1060445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7811"
},
{
"cve": "CVE-2017-7812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7812"
}
],
"notes": [
{
"category": "general",
"text": "If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through \"file:\" URLs. This vulnerability affects Firefox \u003c 56.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7812",
"url": "https://www.suse.com/security/cve/CVE-2017-7812"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7812",
"url": "https://bugzilla.suse.com/1060445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7812"
},
{
"cve": "CVE-2017-7813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7813"
}
],
"notes": [
{
"category": "general",
"text": "Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matches JavaScript identifier syntax. This vulnerability affects Firefox \u003c 56.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7813",
"url": "https://www.suse.com/security/cve/CVE-2017-7813"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7813",
"url": "https://bugzilla.suse.com/1060445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7813"
},
{
"cve": "CVE-2017-7814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7814"
}
],
"notes": [
{
"category": "general",
"text": "File downloads encoded with \"blob:\" and \"data:\" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox \u003c 56, Firefox ESR \u003c 52.4, and Thunderbird \u003c 52.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7814",
"url": "https://www.suse.com/security/cve/CVE-2017-7814"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7814",
"url": "https://bugzilla.suse.com/1060445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7814"
},
{
"cve": "CVE-2017-7815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7815"
}
],
"notes": [
{
"category": "general",
"text": "On pages containing an iframe, the \"data:\" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog\u0027s location, spoofing of the origin of the modal dialog from the user view. Note: This attack only affects installations with e10 multiprocess turned off. Installations with e10s turned on do not support the modal dialog functionality. This vulnerability affects Firefox \u003c 56.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7815",
"url": "https://www.suse.com/security/cve/CVE-2017-7815"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7815",
"url": "https://bugzilla.suse.com/1060445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7815"
},
{
"cve": "CVE-2017-7816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7816"
}
],
"notes": [
{
"category": "general",
"text": "WebExtensions could use popups and panels in the extension UI to load an \"about:\" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox \u003c 56.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7816",
"url": "https://www.suse.com/security/cve/CVE-2017-7816"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7816",
"url": "https://bugzilla.suse.com/1060445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7816"
},
{
"cve": "CVE-2017-7817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7817"
}
],
"notes": [
{
"category": "general",
"text": "A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox \u003c 56.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7817",
"url": "https://www.suse.com/security/cve/CVE-2017-7817"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7817",
"url": "https://bugzilla.suse.com/1060445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7817"
},
{
"cve": "CVE-2017-7818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7818"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 56, Firefox ESR \u003c 52.4, and Thunderbird \u003c 52.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7818",
"url": "https://www.suse.com/security/cve/CVE-2017-7818"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7818",
"url": "https://bugzilla.suse.com/1060445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7818"
},
{
"cve": "CVE-2017-7819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7819"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 56, Firefox ESR \u003c 52.4, and Thunderbird \u003c 52.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7819",
"url": "https://www.suse.com/security/cve/CVE-2017-7819"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7819",
"url": "https://bugzilla.suse.com/1060445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7819"
},
{
"cve": "CVE-2017-7820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7820"
}
],
"notes": [
{
"category": "general",
"text": "The \"instanceof\" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects Firefox \u003c 56.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7820",
"url": "https://www.suse.com/security/cve/CVE-2017-7820"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7820",
"url": "https://bugzilla.suse.com/1060445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7820"
},
{
"cve": "CVE-2017-7821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7821"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that handle those document types. This vulnerability affects Firefox \u003c 56.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7821",
"url": "https://www.suse.com/security/cve/CVE-2017-7821"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7821",
"url": "https://bugzilla.suse.com/1060445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7821"
},
{
"cve": "CVE-2017-7822",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7822"
}
],
"notes": [
{
"category": "general",
"text": "The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This vulnerability affects Firefox \u003c 56.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7822",
"url": "https://www.suse.com/security/cve/CVE-2017-7822"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7822",
"url": "https://bugzilla.suse.com/1060445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7822"
},
{
"cve": "CVE-2017-7823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7823"
}
],
"notes": [
{
"category": "general",
"text": "The content security policy (CSP) \"sandbox\" directive did not create a unique origin for the document, causing it to behave as if the \"allow-same-origin\" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox \u003c 56, Firefox ESR \u003c 52.4, and Thunderbird \u003c 52.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7823",
"url": "https://www.suse.com/security/cve/CVE-2017-7823"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7823",
"url": "https://bugzilla.suse.com/1060445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7823"
},
{
"cve": "CVE-2017-7824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7824"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 56, Firefox ESR \u003c 52.4, and Thunderbird \u003c 52.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7824",
"url": "https://www.suse.com/security/cve/CVE-2017-7824"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7824",
"url": "https://bugzilla.suse.com/1060445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7824"
},
{
"cve": "CVE-2017-7825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7825"
}
],
"notes": [
{
"category": "general",
"text": "Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox \u003c 56, Firefox ESR \u003c 52.4, and Thunderbird \u003c 52.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7825",
"url": "https://www.suse.com/security/cve/CVE-2017-7825"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7825",
"url": "https://bugzilla.suse.com/1060445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7825"
},
{
"cve": "CVE-2017-7826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7826"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 57, Firefox ESR \u003c 52.5, and Thunderbird \u003c 52.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7826",
"url": "https://www.suse.com/security/cve/CVE-2017-7826"
},
{
"category": "external",
"summary": "SUSE Bug 1068101 for CVE-2017-7826",
"url": "https://bugzilla.suse.com/1068101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7826"
},
{
"cve": "CVE-2017-7827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7827"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 57.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7827",
"url": "https://www.suse.com/security/cve/CVE-2017-7827"
},
{
"category": "external",
"summary": "SUSE Bug 1068101 for CVE-2017-7827",
"url": "https://bugzilla.suse.com/1068101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7827"
},
{
"cve": "CVE-2017-7828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7828"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when flushing and resizing layout because the \"PressShell\" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox \u003c 57, Firefox ESR \u003c 52.5, and Thunderbird \u003c 52.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7828",
"url": "https://www.suse.com/security/cve/CVE-2017-7828"
},
{
"category": "external",
"summary": "SUSE Bug 1068101 for CVE-2017-7828",
"url": "https://bugzilla.suse.com/1068101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7828"
},
{
"cve": "CVE-2017-7830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7830"
}
],
"notes": [
{
"category": "general",
"text": "The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox \u003c 57, Firefox ESR \u003c 52.5, and Thunderbird \u003c 52.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7830",
"url": "https://www.suse.com/security/cve/CVE-2017-7830"
},
{
"category": "external",
"summary": "SUSE Bug 1068101 for CVE-2017-7830",
"url": "https://bugzilla.suse.com/1068101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7830"
},
{
"cve": "CVE-2017-7831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7831"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated \"_exposedProps_\" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox \u003c 57.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7831",
"url": "https://www.suse.com/security/cve/CVE-2017-7831"
},
{
"category": "external",
"summary": "SUSE Bug 1068101 for CVE-2017-7831",
"url": "https://bugzilla.suse.com/1068101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7831"
},
{
"cve": "CVE-2017-7832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7832"
}
],
"notes": [
{
"category": "general",
"text": "The combined, single character, version of the letter \u0027i\u0027 with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of \u0027i\u0027 followed by the same accent as a second character with most font sets. This allows for domain spoofing attacks because these combined domain names do not display as punycode. This vulnerability affects Firefox \u003c 57.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7832",
"url": "https://www.suse.com/security/cve/CVE-2017-7832"
},
{
"category": "external",
"summary": "SUSE Bug 1068101 for CVE-2017-7832",
"url": "https://bugzilla.suse.com/1068101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7832"
},
{
"cve": "CVE-2017-7833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7833"
}
],
"notes": [
{
"category": "general",
"text": "Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks because these combined domain names do not display as punycode. This vulnerability affects Firefox \u003c 57.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7833",
"url": "https://www.suse.com/security/cve/CVE-2017-7833"
},
{
"category": "external",
"summary": "SUSE Bug 1068101 for CVE-2017-7833",
"url": "https://bugzilla.suse.com/1068101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7833"
},
{
"cve": "CVE-2017-7834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7834"
}
],
"notes": [
{
"category": "general",
"text": "A \"data:\" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when \"data:\" documents also inherited the context of the original page this would allow for potential cross-site scripting (XSS) attacks. This vulnerability affects Firefox \u003c 57.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7834",
"url": "https://www.suse.com/security/cve/CVE-2017-7834"
},
{
"category": "external",
"summary": "SUSE Bug 1068101 for CVE-2017-7834",
"url": "https://bugzilla.suse.com/1068101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7834"
},
{
"cve": "CVE-2017-7835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7835"
}
],
"notes": [
{
"category": "general",
"text": "Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox \u003c 57.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7835",
"url": "https://www.suse.com/security/cve/CVE-2017-7835"
},
{
"category": "external",
"summary": "SUSE Bug 1068101 for CVE-2017-7835",
"url": "https://bugzilla.suse.com/1068101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7835"
},
{
"cve": "CVE-2017-7836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7836"
}
],
"notes": [
{
"category": "general",
"text": "The \"pingsender\" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox\u0027s privileges. Note: This attack requires an attacker have local system access and only affects OS X and Linux. Windows systems are not affected. This vulnerability affects Firefox \u003c 57.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7836",
"url": "https://www.suse.com/security/cve/CVE-2017-7836"
},
{
"category": "external",
"summary": "SUSE Bug 1068101 for CVE-2017-7836",
"url": "https://bugzilla.suse.com/1068101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7836"
},
{
"cve": "CVE-2017-7837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7837"
}
],
"notes": [
{
"category": "general",
"text": "SVG loaded through \"\u003cimg\u003e\" tags can use \"\u003cmeta\u003e\" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox \u003c 57.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7837",
"url": "https://www.suse.com/security/cve/CVE-2017-7837"
},
{
"category": "external",
"summary": "SUSE Bug 1068101 for CVE-2017-7837",
"url": "https://bugzilla.suse.com/1068101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7837"
},
{
"cve": "CVE-2017-7838",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7838"
}
],
"notes": [
{
"category": "general",
"text": "Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited spoofing attacks due to user confusion. This vulnerability affects Firefox \u003c 57.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7838",
"url": "https://www.suse.com/security/cve/CVE-2017-7838"
},
{
"category": "external",
"summary": "SUSE Bug 1068101 for CVE-2017-7838",
"url": "https://bugzilla.suse.com/1068101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7838"
},
{
"cve": "CVE-2017-7839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7839"
}
],
"notes": [
{
"category": "general",
"text": "Control characters prepended before \"javascript:\" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks where users are convinced to copy and paste text into the addressbar. This vulnerability affects Firefox \u003c 57.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7839",
"url": "https://www.suse.com/security/cve/CVE-2017-7839"
},
{
"category": "external",
"summary": "SUSE Bug 1068101 for CVE-2017-7839",
"url": "https://bugzilla.suse.com/1068101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7839"
},
{
"cve": "CVE-2017-7840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7840"
}
],
"notes": [
{
"category": "general",
"text": "JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks if users were convinced to add malicious tags to bookmarks, export them, and then open the resulting file. This vulnerability affects Firefox \u003c 57.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7840",
"url": "https://www.suse.com/security/cve/CVE-2017-7840"
},
{
"category": "external",
"summary": "SUSE Bug 1068101 for CVE-2017-7840",
"url": "https://bugzilla.suse.com/1068101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7840"
},
{
"cve": "CVE-2017-7842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7842"
}
],
"notes": [
{
"category": "general",
"text": "If a document\u0027s Referrer Policy attribute is set to \"no-referrer\" sometimes two network requests are made for \"\u003clink\u003e\" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This vulnerability affects Firefox \u003c 57.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7842",
"url": "https://www.suse.com/security/cve/CVE-2017-7842"
},
{
"category": "external",
"summary": "SUSE Bug 1068101 for CVE-2017-7842",
"url": "https://bugzilla.suse.com/1068101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7842"
},
{
"cve": "CVE-2017-7843",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7843"
}
],
"notes": [
{
"category": "general",
"text": "When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR \u003c 52.5.2 and Firefox \u003c 57.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7843",
"url": "https://www.suse.com/security/cve/CVE-2017-7843"
},
{
"category": "external",
"summary": "SUSE Bug 1072034 for CVE-2017-7843",
"url": "https://bugzilla.suse.com/1072034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-7843"
},
{
"cve": "CVE-2017-7844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7844"
}
],
"notes": [
{
"category": "general",
"text": "A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox 57. Earlier releases are not affected. This vulnerability affects Firefox \u003c 57.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7844",
"url": "https://www.suse.com/security/cve/CVE-2017-7844"
},
{
"category": "external",
"summary": "SUSE Bug 1072034 for CVE-2017-7844",
"url": "https://bugzilla.suse.com/1072034"
},
{
"category": "external",
"summary": "SUSE Bug 1072036 for CVE-2017-7844",
"url": "https://bugzilla.suse.com/1072036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-7844"
},
{
"cve": "CVE-2018-12358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12358"
}
],
"notes": [
{
"category": "general",
"text": "Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. This vulnerability affects Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12358",
"url": "https://www.suse.com/security/cve/CVE-2018-12358"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12358",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12358"
},
{
"cve": "CVE-2018-12359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12359"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12359",
"url": "https://www.suse.com/security/cve/CVE-2018-12359"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12359",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12359"
},
{
"cve": "CVE-2018-12360",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12360"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12360",
"url": "https://www.suse.com/security/cve/CVE-2018-12360"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12360",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12360"
},
{
"cve": "CVE-2018-12361",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12361"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12361",
"url": "https://www.suse.com/security/cve/CVE-2018-12361"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12361",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12361"
},
{
"cve": "CVE-2018-12362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12362"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12362",
"url": "https://www.suse.com/security/cve/CVE-2018-12362"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12362",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12362"
},
{
"cve": "CVE-2018-12363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12363"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12363",
"url": "https://www.suse.com/security/cve/CVE-2018-12363"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12363",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12363"
},
{
"cve": "CVE-2018-12364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12364"
}
],
"notes": [
{
"category": "general",
"text": "NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12364",
"url": "https://www.suse.com/security/cve/CVE-2018-12364"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12364",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12364"
},
{
"cve": "CVE-2018-12365",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12365"
}
],
"notes": [
{
"category": "general",
"text": "A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12365",
"url": "https://www.suse.com/security/cve/CVE-2018-12365"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12365",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12365"
},
{
"cve": "CVE-2018-12366",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12366"
}
],
"notes": [
{
"category": "general",
"text": "An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12366",
"url": "https://www.suse.com/security/cve/CVE-2018-12366"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12366",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12366"
},
{
"cve": "CVE-2018-12367",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12367"
}
],
"notes": [
{
"category": "general",
"text": "In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12367",
"url": "https://www.suse.com/security/cve/CVE-2018-12367"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12367",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12367"
},
{
"cve": "CVE-2018-12369",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12369"
}
],
"notes": [
{
"category": "general",
"text": "WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR \u003c 60.1 and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12369",
"url": "https://www.suse.com/security/cve/CVE-2018-12369"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12369",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12369"
},
{
"cve": "CVE-2018-12370",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12370"
}
],
"notes": [
{
"category": "general",
"text": "In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affects Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12370",
"url": "https://www.suse.com/security/cve/CVE-2018-12370"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12370",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12370"
},
{
"cve": "CVE-2018-12371",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12371"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 60.1, Thunderbird \u003c 60, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12371",
"url": "https://www.suse.com/security/cve/CVE-2018-12371"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12371",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12371"
},
{
"cve": "CVE-2018-12375",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12375"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 62.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12375",
"url": "https://www.suse.com/security/cve/CVE-2018-12375"
},
{
"category": "external",
"summary": "SUSE Bug 1107343 for CVE-2018-12375",
"url": "https://bugzilla.suse.com/1107343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12375"
},
{
"cve": "CVE-2018-12376",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12376"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2, and Thunderbird \u003c 60.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12376",
"url": "https://www.suse.com/security/cve/CVE-2018-12376"
},
{
"category": "external",
"summary": "SUSE Bug 1107343 for CVE-2018-12376",
"url": "https://bugzilla.suse.com/1107343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12376"
},
{
"cve": "CVE-2018-12377",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12377"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2, and Thunderbird \u003c 60.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12377",
"url": "https://www.suse.com/security/cve/CVE-2018-12377"
},
{
"category": "external",
"summary": "SUSE Bug 1107343 for CVE-2018-12377",
"url": "https://bugzilla.suse.com/1107343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12377"
},
{
"cve": "CVE-2018-12378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12378"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2, and Thunderbird \u003c 60.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12378",
"url": "https://www.suse.com/security/cve/CVE-2018-12378"
},
{
"category": "external",
"summary": "SUSE Bug 1107343 for CVE-2018-12378",
"url": "https://bugzilla.suse.com/1107343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12378"
},
{
"cve": "CVE-2018-12379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12379"
}
],
"notes": [
{
"category": "general",
"text": "When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2, and Thunderbird \u003c 60.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12379",
"url": "https://www.suse.com/security/cve/CVE-2018-12379"
},
{
"category": "external",
"summary": "SUSE Bug 1107343 for CVE-2018-12379",
"url": "https://bugzilla.suse.com/1107343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12379"
},
{
"cve": "CVE-2018-12381",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12381"
}
],
"notes": [
{
"category": "general",
"text": "Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message\u0027s mail columns are incorrectly interpreted as a URL. *Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems are not affected.*. This vulnerability affects Firefox ESR \u003c 60.2 and Firefox \u003c 62.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12381",
"url": "https://www.suse.com/security/cve/CVE-2018-12381"
},
{
"category": "external",
"summary": "SUSE Bug 1107343 for CVE-2018-12381",
"url": "https://bugzilla.suse.com/1107343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12381"
},
{
"cve": "CVE-2018-12382",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12382"
}
],
"notes": [
{
"category": "general",
"text": "The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. *This vulnerability only affects Firefox for Android \u003c 62.*",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12382",
"url": "https://www.suse.com/security/cve/CVE-2018-12382"
},
{
"category": "external",
"summary": "SUSE Bug 1107343 for CVE-2018-12382",
"url": "https://bugzilla.suse.com/1107343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12382"
},
{
"cve": "CVE-2018-12383",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12383"
}
],
"notes": [
{
"category": "general",
"text": "If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2.1, and Thunderbird \u003c 60.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12383",
"url": "https://www.suse.com/security/cve/CVE-2018-12383"
},
{
"category": "external",
"summary": "SUSE Bug 1107343 for CVE-2018-12383",
"url": "https://bugzilla.suse.com/1107343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12383"
},
{
"cve": "CVE-2018-12385",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12385"
}
],
"notes": [
{
"category": "general",
"text": "A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird \u003c 60.2.1, Firefox ESR \u003c 60.2.1, and Firefox \u003c 62.0.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12385",
"url": "https://www.suse.com/security/cve/CVE-2018-12385"
},
{
"category": "external",
"summary": "SUSE Bug 1109363 for CVE-2018-12385",
"url": "https://bugzilla.suse.com/1109363"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-12385"
},
{
"cve": "CVE-2018-12386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12386"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR \u003c 60.2.2 and Firefox \u003c 62.0.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12386",
"url": "https://www.suse.com/security/cve/CVE-2018-12386"
},
{
"category": "external",
"summary": "SUSE Bug 1110506 for CVE-2018-12386",
"url": "https://bugzilla.suse.com/1110506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12386"
},
{
"cve": "CVE-2018-12387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12387"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR \u003c 60.2.2 and Firefox \u003c 62.0.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12387",
"url": "https://www.suse.com/security/cve/CVE-2018-12387"
},
{
"category": "external",
"summary": "SUSE Bug 1110507 for CVE-2018-12387",
"url": "https://bugzilla.suse.com/1110507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12387"
},
{
"cve": "CVE-2018-12388",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12388"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 62. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12388",
"url": "https://www.suse.com/security/cve/CVE-2018-12388"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12388",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12388"
},
{
"cve": "CVE-2018-12390",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12390"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12390",
"url": "https://www.suse.com/security/cve/CVE-2018-12390"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12390",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12390"
},
{
"cve": "CVE-2018-12391",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12391"
}
],
"notes": [
{
"category": "general",
"text": "During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12391",
"url": "https://www.suse.com/security/cve/CVE-2018-12391"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12391",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12391"
},
{
"cve": "CVE-2018-12392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12392"
}
],
"notes": [
{
"category": "general",
"text": "When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12392",
"url": "https://www.suse.com/security/cve/CVE-2018-12392"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12392",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12392"
},
{
"cve": "CVE-2018-12393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12393"
}
],
"notes": [
{
"category": "general",
"text": "A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12393",
"url": "https://www.suse.com/security/cve/CVE-2018-12393"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12393",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12393"
},
{
"cve": "CVE-2018-12395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12395"
}
],
"notes": [
{
"category": "general",
"text": "By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12395",
"url": "https://www.suse.com/security/cve/CVE-2018-12395"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12395",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12395"
},
{
"cve": "CVE-2018-12396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12396"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12396",
"url": "https://www.suse.com/security/cve/CVE-2018-12396"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12396",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12396"
},
{
"cve": "CVE-2018-12397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12397"
}
],
"notes": [
{
"category": "general",
"text": "A WebExtension can request access to local files without the warning prompt stating that the extension will \"Access your data for all websites\" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12397",
"url": "https://www.suse.com/security/cve/CVE-2018-12397"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12397",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12397"
},
{
"cve": "CVE-2018-12398",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12398"
}
],
"notes": [
{
"category": "general",
"text": "By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). This vulnerability affects Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12398",
"url": "https://www.suse.com/security/cve/CVE-2018-12398"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12398",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12398"
},
{
"cve": "CVE-2018-12399",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12399"
}
],
"notes": [
{
"category": "general",
"text": "When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12399",
"url": "https://www.suse.com/security/cve/CVE-2018-12399"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12399",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12399"
},
{
"cve": "CVE-2018-12400",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12400"
}
],
"notes": [
{
"category": "general",
"text": "In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. This allows information leakage of sites visited during private browsing sessions. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12400",
"url": "https://www.suse.com/security/cve/CVE-2018-12400"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12400",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12400"
},
{
"cve": "CVE-2018-12401",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12401"
}
],
"notes": [
{
"category": "general",
"text": "Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a \u0027?\u0027 in the parsed string. This could lead to denial of service (DOS) attacks. This vulnerability affects Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12401",
"url": "https://www.suse.com/security/cve/CVE-2018-12401"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12401",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12401"
},
{
"cve": "CVE-2018-12402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12402"
}
],
"notes": [
{
"category": "general",
"text": "The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of \"Save Page As...\" functionality. For example, a malicious page could recover a visitor\u0027s Windows username and NTLM hash by including resources otherwise unreachable to the malicious page, if they can convince the visitor to save the complete web page. Similarly, SameSite cookies are sent on cross-origin requests when the \"Save Page As...\" menu item is selected to save a page, which can result in saving the wrong version of resources based on those cookies. This vulnerability affects Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12402",
"url": "https://www.suse.com/security/cve/CVE-2018-12402"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12402",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12402"
},
{
"cve": "CVE-2018-12403",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12403"
}
],
"notes": [
{
"category": "general",
"text": "If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12403",
"url": "https://www.suse.com/security/cve/CVE-2018-12403"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12403",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12403"
},
{
"cve": "CVE-2018-12405",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12405"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12405",
"url": "https://www.suse.com/security/cve/CVE-2018-12405"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-12405",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-12405",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-12405",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12405"
},
{
"cve": "CVE-2018-12406",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12406"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12406",
"url": "https://www.suse.com/security/cve/CVE-2018-12406"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-12406",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-12406",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12406"
},
{
"cve": "CVE-2018-12407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12407"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12407",
"url": "https://www.suse.com/security/cve/CVE-2018-12407"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-12407",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-12407",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12407"
},
{
"cve": "CVE-2018-17466",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17466"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17466",
"url": "https://www.suse.com/security/cve/CVE-2018-17466"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17466",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17466",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-17466",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-17466"
},
{
"cve": "CVE-2018-18356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18356"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18356",
"url": "https://www.suse.com/security/cve/CVE-2018-18356"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1125330"
},
{
"category": "external",
"summary": "SUSE Bug 1125396 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1125396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18356"
},
{
"cve": "CVE-2018-18492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18492"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18492",
"url": "https://www.suse.com/security/cve/CVE-2018-18492"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-18492",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18492",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-18492",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18492"
},
{
"cve": "CVE-2018-18493",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18493"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18493",
"url": "https://www.suse.com/security/cve/CVE-2018-18493"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-18493",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18493",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-18493",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18493"
},
{
"cve": "CVE-2018-18494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18494"
}
],
"notes": [
{
"category": "general",
"text": "A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18494",
"url": "https://www.suse.com/security/cve/CVE-2018-18494"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-18494",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18494",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-18494",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18494"
},
{
"cve": "CVE-2018-18495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18495"
}
],
"notes": [
{
"category": "general",
"text": "WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. This vulnerability affects Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18495",
"url": "https://www.suse.com/security/cve/CVE-2018-18495"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-18495",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18495",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18495"
},
{
"cve": "CVE-2018-18496",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18496"
}
],
"notes": [
{
"category": "general",
"text": "When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. *Note: This issue only affects Windows operating systems. Other operating systems are not affected.*. This vulnerability affects Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18496",
"url": "https://www.suse.com/security/cve/CVE-2018-18496"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18496",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18496"
},
{
"cve": "CVE-2018-18497",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18497"
}
],
"notes": [
{
"category": "general",
"text": "Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations. This vulnerability affects Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18497",
"url": "https://www.suse.com/security/cve/CVE-2018-18497"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-18497",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18497",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18497"
},
{
"cve": "CVE-2018-18498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18498"
}
],
"notes": [
{
"category": "general",
"text": "A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18498",
"url": "https://www.suse.com/security/cve/CVE-2018-18498"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-18498",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18498",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-18498",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18498"
},
{
"cve": "CVE-2018-18500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18500"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.5, Firefox ESR \u003c 60.5, and Firefox \u003c 65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18500",
"url": "https://www.suse.com/security/cve/CVE-2018-18500"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2018-18500",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2018-18500",
"url": "https://bugzilla.suse.com/986639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18500"
},
{
"cve": "CVE-2018-18501",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18501"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60.5, Firefox ESR \u003c 60.5, and Firefox \u003c 65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18501",
"url": "https://www.suse.com/security/cve/CVE-2018-18501"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2018-18501",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2018-18501",
"url": "https://bugzilla.suse.com/986639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18501"
},
{
"cve": "CVE-2018-18502",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18502"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18502",
"url": "https://www.suse.com/security/cve/CVE-2018-18502"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2018-18502",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2018-18502",
"url": "https://bugzilla.suse.com/986639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18502"
},
{
"cve": "CVE-2018-18503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18503"
}
],
"notes": [
{
"category": "general",
"text": "When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. This vulnerability affects Firefox \u003c 65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18503",
"url": "https://www.suse.com/security/cve/CVE-2018-18503"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2018-18503",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2018-18503",
"url": "https://bugzilla.suse.com/986639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18503"
},
{
"cve": "CVE-2018-18504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18504"
}
],
"notes": [
{
"category": "general",
"text": "A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results is a potentially exploitable crash and the possibility of reading from the memory of the freed buffers. This vulnerability affects Firefox \u003c 65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18504",
"url": "https://www.suse.com/security/cve/CVE-2018-18504"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2018-18504",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2018-18504",
"url": "https://bugzilla.suse.com/986639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18504"
},
{
"cve": "CVE-2018-18505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18505"
}
],
"notes": [
{
"category": "general",
"text": "An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird \u003c 60.5, Firefox ESR \u003c 60.5, and Firefox \u003c 65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18505",
"url": "https://www.suse.com/security/cve/CVE-2018-18505"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2018-18505",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2018-18505",
"url": "https://bugzilla.suse.com/986639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18505"
},
{
"cve": "CVE-2018-18506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18506"
}
],
"notes": [
{
"category": "general",
"text": "When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox \u003c 65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18506",
"url": "https://www.suse.com/security/cve/CVE-2018-18506"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2018-18506",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2018-18506",
"url": "https://bugzilla.suse.com/1129821"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2018-18506",
"url": "https://bugzilla.suse.com/986639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18506"
},
{
"cve": "CVE-2018-18511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18511"
}
],
"notes": [
{
"category": "general",
"text": "Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox \u003c 65.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18511",
"url": "https://www.suse.com/security/cve/CVE-2018-18511"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18511",
"url": "https://bugzilla.suse.com/1125330"
},
{
"category": "external",
"summary": "SUSE Bug 1125396 for CVE-2018-18511",
"url": "https://bugzilla.suse.com/1125396"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2018-18511",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-18511"
},
{
"cve": "CVE-2018-5089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5089"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5089",
"url": "https://www.suse.com/security/cve/CVE-2018-5089"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5089",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5089"
},
{
"cve": "CVE-2018-5090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5090"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5090",
"url": "https://www.suse.com/security/cve/CVE-2018-5090"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5090",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-5090"
},
{
"cve": "CVE-2018-5091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5091"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 52.6 and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5091",
"url": "https://www.suse.com/security/cve/CVE-2018-5091"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5091",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5091"
},
{
"cve": "CVE-2018-5092",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5092"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This vulnerability affects Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5092",
"url": "https://www.suse.com/security/cve/CVE-2018-5092"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5092",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5092"
},
{
"cve": "CVE-2018-5093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5093"
}
],
"notes": [
{
"category": "general",
"text": "A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. This vulnerability affects Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5093",
"url": "https://www.suse.com/security/cve/CVE-2018-5093"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5093",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5093"
},
{
"cve": "CVE-2018-5094",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5094"
}
],
"notes": [
{
"category": "general",
"text": "A heap buffer overflow vulnerability may occur in WebAssembly when \"shrinkElements\" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5094",
"url": "https://www.suse.com/security/cve/CVE-2018-5094"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5094",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5094"
},
{
"cve": "CVE-2018-5095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5095"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5095",
"url": "https://www.suse.com/security/cve/CVE-2018-5095"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5095",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5095"
},
{
"cve": "CVE-2018-5097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5097"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5097",
"url": "https://www.suse.com/security/cve/CVE-2018-5097"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5097",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5097"
},
{
"cve": "CVE-2018-5098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5098"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5098",
"url": "https://www.suse.com/security/cve/CVE-2018-5098"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5098",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5098"
},
{
"cve": "CVE-2018-5099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5099"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5099",
"url": "https://www.suse.com/security/cve/CVE-2018-5099"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5099",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5099"
},
{
"cve": "CVE-2018-5100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5100"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when arguments passed to the \"IsPotentiallyScrollable\" function are freed while still in use by scripts. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5100",
"url": "https://www.suse.com/security/cve/CVE-2018-5100"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5100",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5100"
},
{
"cve": "CVE-2018-5101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5101"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when manipulating floating \"first-letter\" style elements, resulting in a potentially exploitable crash. This vulnerability affects Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5101",
"url": "https://www.suse.com/security/cve/CVE-2018-5101"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5101",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5101"
},
{
"cve": "CVE-2018-5102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5102"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5102",
"url": "https://www.suse.com/security/cve/CVE-2018-5102"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5102",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5102"
},
{
"cve": "CVE-2018-5103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5103"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5103",
"url": "https://www.suse.com/security/cve/CVE-2018-5103"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5103",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5103"
},
{
"cve": "CVE-2018-5104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5104"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5104",
"url": "https://www.suse.com/security/cve/CVE-2018-5104"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5104",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5104"
},
{
"cve": "CVE-2018-5105",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5105"
}
],
"notes": [
{
"category": "general",
"text": "WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5105",
"url": "https://www.suse.com/security/cve/CVE-2018-5105"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5105",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5105"
},
{
"cve": "CVE-2018-5106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5106"
}
],
"notes": [
{
"category": "general",
"text": "Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5106",
"url": "https://www.suse.com/security/cve/CVE-2018-5106"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5106",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5106"
},
{
"cve": "CVE-2018-5107",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5107"
}
],
"notes": [
{
"category": "general",
"text": "The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information could be exposed. This vulnerability affects Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5107",
"url": "https://www.suse.com/security/cve/CVE-2018-5107"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5107",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5107"
},
{
"cve": "CVE-2018-5108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5108"
}
],
"notes": [
{
"category": "general",
"text": "A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is mitigated by the requirement that the user enter the Blob URL manually in order for the access violation to occur. This vulnerability affects Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5108",
"url": "https://www.suse.com/security/cve/CVE-2018-5108"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5108",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5108"
},
{
"cve": "CVE-2018-5109",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5109"
}
],
"notes": [
{
"category": "general",
"text": "An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This vulnerability affects Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5109",
"url": "https://www.suse.com/security/cve/CVE-2018-5109"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5109",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5109"
},
{
"cve": "CVE-2018-5110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5110"
}
],
"notes": [
{
"category": "general",
"text": "If cursor visibility is toggled by script using from \u0027none\u0027 to an image and back through script, the cursor will be rendered temporarily invisible within Firefox. Note: This vulnerability only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5110",
"url": "https://www.suse.com/security/cve/CVE-2018-5110"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5110",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5110"
},
{
"cve": "CVE-2018-5111",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5111"
}
],
"notes": [
{
"category": "general",
"text": "When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. This allows for phishing attacks where a malicious page can spoof the identify of another site. This vulnerability affects Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5111",
"url": "https://www.suse.com/security/cve/CVE-2018-5111"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5111",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5111"
},
{
"cve": "CVE-2018-5112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5112"
}
],
"notes": [
{
"category": "general",
"text": "Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to access, including potentially privileged pages. This vulnerability affects Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5112",
"url": "https://www.suse.com/security/cve/CVE-2018-5112"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5112",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5112"
},
{
"cve": "CVE-2018-5113",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5113"
}
],
"notes": [
{
"category": "general",
"text": "The \"browser.identity.launchWebAuthFlow\" function of WebExtensions is only allowed to load content over \"https:\" but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension. This vulnerability affects Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5113",
"url": "https://www.suse.com/security/cve/CVE-2018-5113"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5113",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5113"
},
{
"cve": "CVE-2018-5114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5114"
}
],
"notes": [
{
"category": "general",
"text": "If an existing cookie is changed to be \"HttpOnly\" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5114",
"url": "https://www.suse.com/security/cve/CVE-2018-5114"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5114",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5114"
},
{
"cve": "CVE-2018-5115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5115"
}
],
"notes": [
{
"category": "general",
"text": "If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the authentication request and may cause users to mistakenly send private credential information to a third party site. This vulnerability affects Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5115",
"url": "https://www.suse.com/security/cve/CVE-2018-5115"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5115",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5115"
},
{
"cve": "CVE-2018-5116",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5116"
}
],
"notes": [
{
"category": "general",
"text": "WebExtensions with the \"ActiveTab\" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypassing same-origin user expectations with this permission. This vulnerability affects Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5116",
"url": "https://www.suse.com/security/cve/CVE-2018-5116"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5116",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5116"
},
{
"cve": "CVE-2018-5117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5117"
}
],
"notes": [
{
"category": "general",
"text": "If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5117",
"url": "https://www.suse.com/security/cve/CVE-2018-5117"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5117",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5117"
},
{
"cve": "CVE-2018-5118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5118"
}
],
"notes": [
{
"category": "general",
"text": "The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through \"file:\" URLs from the local file system. This loading is blocked by the sandbox but could expose local data if combined with another attack that escapes sandbox protections. This vulnerability affects Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5118",
"url": "https://www.suse.com/security/cve/CVE-2018-5118"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5118",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5118"
},
{
"cve": "CVE-2018-5119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5119"
}
],
"notes": [
{
"category": "general",
"text": "The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view. This vulnerability affects Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5119",
"url": "https://www.suse.com/security/cve/CVE-2018-5119"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5119",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5119"
},
{
"cve": "CVE-2018-5121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5121"
}
],
"notes": [
{
"category": "general",
"text": "Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name (IDN) this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5121",
"url": "https://www.suse.com/security/cve/CVE-2018-5121"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5121",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5121"
},
{
"cve": "CVE-2018-5122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5122"
}
],
"notes": [
{
"category": "general",
"text": "A potential integer overflow in the \"DoCrypt\" function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-of-bounds write. This vulnerability affects Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5122",
"url": "https://www.suse.com/security/cve/CVE-2018-5122"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5122",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5122"
},
{
"cve": "CVE-2018-5125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5125"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5125",
"url": "https://www.suse.com/security/cve/CVE-2018-5125"
},
{
"category": "external",
"summary": "SUSE Bug 1085130 for CVE-2018-5125",
"url": "https://bugzilla.suse.com/1085130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5125"
},
{
"cve": "CVE-2018-5126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5126"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 59.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5126",
"url": "https://www.suse.com/security/cve/CVE-2018-5126"
},
{
"category": "external",
"summary": "SUSE Bug 1085130 for CVE-2018-5126",
"url": "https://bugzilla.suse.com/1085130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5126"
},
{
"cve": "CVE-2018-5127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5127"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow can occur when manipulating the SVG \"animatedPathSegList\" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5127",
"url": "https://www.suse.com/security/cve/CVE-2018-5127"
},
{
"category": "external",
"summary": "SUSE Bug 1085130 for CVE-2018-5127",
"url": "https://bugzilla.suse.com/1085130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5127"
},
{
"cve": "CVE-2018-5128",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5128"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 59.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5128",
"url": "https://www.suse.com/security/cve/CVE-2018-5128"
},
{
"category": "external",
"summary": "SUSE Bug 1085130 for CVE-2018-5128",
"url": "https://bugzilla.suse.com/1085130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5128"
},
{
"cve": "CVE-2018-5129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5129"
}
],
"notes": [
{
"category": "general",
"text": "A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5129",
"url": "https://www.suse.com/security/cve/CVE-2018-5129"
},
{
"category": "external",
"summary": "SUSE Bug 1085130 for CVE-2018-5129",
"url": "https://bugzilla.suse.com/1085130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5129"
},
{
"cve": "CVE-2018-5130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5130"
}
],
"notes": [
{
"category": "general",
"text": "When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR \u003c 52.7 and Firefox \u003c 59.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5130",
"url": "https://www.suse.com/security/cve/CVE-2018-5130"
},
{
"category": "external",
"summary": "SUSE Bug 1085130 for CVE-2018-5130",
"url": "https://bugzilla.suse.com/1085130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5130"
},
{
"cve": "CVE-2018-5131",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5131"
}
],
"notes": [
{
"category": "general",
"text": "Under certain circumstances the \"fetch()\" API can return transient local copies of resources that were sent with a \"no-store\" or \"no-cache\" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR \u003c 52.7 and Firefox \u003c 59.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5131",
"url": "https://www.suse.com/security/cve/CVE-2018-5131"
},
{
"category": "external",
"summary": "SUSE Bug 1085130 for CVE-2018-5131",
"url": "https://bugzilla.suse.com/1085130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5131"
},
{
"cve": "CVE-2018-5132",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5132"
}
],
"notes": [
{
"category": "general",
"text": "The Find API for WebExtensions can search some privileged pages, such as \"about:debugging\", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox \u003c 59.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5132",
"url": "https://www.suse.com/security/cve/CVE-2018-5132"
},
{
"category": "external",
"summary": "SUSE Bug 1085130 for CVE-2018-5132",
"url": "https://bugzilla.suse.com/1085130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5132"
},
{
"cve": "CVE-2018-5133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5133"
}
],
"notes": [
{
"category": "general",
"text": "If the \"app.support.baseURL\" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads \"chrome://browser/content/preferences/in-content/preferences.xul\" directly in a tab and executes a search. This stored preference is also executed whenever an EME video player plugin displays a CDM-disabled message as a notification message. This vulnerability affects Firefox \u003c 59.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5133",
"url": "https://www.suse.com/security/cve/CVE-2018-5133"
},
{
"category": "external",
"summary": "SUSE Bug 1085130 for CVE-2018-5133",
"url": "https://bugzilla.suse.com/1085130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5133"
},
{
"cve": "CVE-2018-5134",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5134"
}
],
"notes": [
{
"category": "general",
"text": "WebExtensions may use \"view-source:\" URLs to view local \"file:\" URL content, as well as content stored in \"about:cache\", bypassing restrictions that only allow WebExtensions to view specific content. This vulnerability affects Firefox \u003c 59.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5134",
"url": "https://www.suse.com/security/cve/CVE-2018-5134"
},
{
"category": "external",
"summary": "SUSE Bug 1085130 for CVE-2018-5134",
"url": "https://bugzilla.suse.com/1085130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5134"
},
{
"cve": "CVE-2018-5135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5135"
}
],
"notes": [
{
"category": "general",
"text": "WebExtensions can bypass normal restrictions in some circumstances and use \"browser.tabs.executeScript\" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged \"about:\" pages. This vulnerability affects Firefox \u003c 59.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5135",
"url": "https://www.suse.com/security/cve/CVE-2018-5135"
},
{
"category": "external",
"summary": "SUSE Bug 1085130 for CVE-2018-5135",
"url": "https://bugzilla.suse.com/1085130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5135"
},
{
"cve": "CVE-2018-5136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5136"
}
],
"notes": [
{
"category": "general",
"text": "A shared worker created from a \"data:\" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox \u003c 59.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5136",
"url": "https://www.suse.com/security/cve/CVE-2018-5136"
},
{
"category": "external",
"summary": "SUSE Bug 1085130 for CVE-2018-5136",
"url": "https://bugzilla.suse.com/1085130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5136"
},
{
"cve": "CVE-2018-5137",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5137"
}
],
"notes": [
{
"category": "general",
"text": "A legacy extension\u0027s non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. Note: this vulnerability does not affect WebExtensions. This vulnerability affects Firefox \u003c 59.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5137",
"url": "https://www.suse.com/security/cve/CVE-2018-5137"
},
{
"category": "external",
"summary": "SUSE Bug 1085130 for CVE-2018-5137",
"url": "https://bugzilla.suse.com/1085130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5137"
},
{
"cve": "CVE-2018-5138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5138"
}
],
"notes": [
{
"category": "general",
"text": "A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside another app) and the default browser is Firefox for Android. This could allow an attacker to spoof which page is actually loaded and in use. Note: this issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox \u003c 59.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5138",
"url": "https://www.suse.com/security/cve/CVE-2018-5138"
},
{
"category": "external",
"summary": "SUSE Bug 1085130 for CVE-2018-5138",
"url": "https://bugzilla.suse.com/1085130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5138"
},
{
"cve": "CVE-2018-5140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5140"
}
],
"notes": [
{
"category": "general",
"text": "Image for moz-icons can be accessed through the \"moz-icon:\" protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page. This vulnerability affects Firefox \u003c 59.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5140",
"url": "https://www.suse.com/security/cve/CVE-2018-5140"
},
{
"category": "external",
"summary": "SUSE Bug 1085130 for CVE-2018-5140",
"url": "https://bugzilla.suse.com/1085130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5140"
},
{
"cve": "CVE-2018-5141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5141"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox \u003c 59.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5141",
"url": "https://www.suse.com/security/cve/CVE-2018-5141"
},
{
"category": "external",
"summary": "SUSE Bug 1085130 for CVE-2018-5141",
"url": "https://bugzilla.suse.com/1085130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5141"
},
{
"cve": "CVE-2018-5142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5142"
}
],
"notes": [
{
"category": "general",
"text": "If Media Capture and Streams API permission is requested from documents with \"data:\" or \"blob:\" URLs, the permission notifications do not properly display the originating domain. The notification states \"Unknown protocol\" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox \u003c 59.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5142",
"url": "https://www.suse.com/security/cve/CVE-2018-5142"
},
{
"category": "external",
"summary": "SUSE Bug 1085130 for CVE-2018-5142",
"url": "https://bugzilla.suse.com/1085130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5142"
},
{
"cve": "CVE-2018-5143",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5143"
}
],
"notes": [
{
"category": "general",
"text": "URLs using \"javascript:\" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the \"javascript:\" URL the protocol is not removed and the script will execute. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Firefox \u003c 59.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5143",
"url": "https://www.suse.com/security/cve/CVE-2018-5143"
},
{
"category": "external",
"summary": "SUSE Bug 1085130 for CVE-2018-5143",
"url": "https://bugzilla.suse.com/1085130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5143"
},
{
"cve": "CVE-2018-5146",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5146"
}
],
"notes": [
{
"category": "general",
"text": "An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox \u003c 59.0.1, Firefox ESR \u003c 52.7.2, and Thunderbird \u003c 52.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5146",
"url": "https://www.suse.com/security/cve/CVE-2018-5146"
},
{
"category": "external",
"summary": "SUSE Bug 1085671 for CVE-2018-5146",
"url": "https://bugzilla.suse.com/1085671"
},
{
"category": "external",
"summary": "SUSE Bug 1085687 for CVE-2018-5146",
"url": "https://bugzilla.suse.com/1085687"
},
{
"category": "external",
"summary": "SUSE Bug 1180395 for CVE-2018-5146",
"url": "https://bugzilla.suse.com/1180395"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5146"
},
{
"cve": "CVE-2018-5147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5147"
}
],
"notes": [
{
"category": "general",
"text": "The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR \u003c 52.7.2 and Firefox \u003c 59.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5147",
"url": "https://www.suse.com/security/cve/CVE-2018-5147"
},
{
"category": "external",
"summary": "SUSE Bug 1085671 for CVE-2018-5147",
"url": "https://bugzilla.suse.com/1085671"
},
{
"category": "external",
"summary": "SUSE Bug 1085687 for CVE-2018-5147",
"url": "https://bugzilla.suse.com/1085687"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5147"
},
{
"cve": "CVE-2018-5148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5148"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 52.7.3 and Firefox \u003c 59.0.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5148",
"url": "https://www.suse.com/security/cve/CVE-2018-5148"
},
{
"category": "external",
"summary": "SUSE Bug 1087059 for CVE-2018-5148",
"url": "https://bugzilla.suse.com/1087059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5148"
},
{
"cve": "CVE-2018-5150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5150"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.8, Thunderbird ESR \u003c 52.8, Firefox \u003c 60, and Firefox ESR \u003c 52.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5150",
"url": "https://www.suse.com/security/cve/CVE-2018-5150"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5150",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5150",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5150",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5150",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5150",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5150",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5150",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5150"
},
{
"cve": "CVE-2018-5151",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5151"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 60.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5151",
"url": "https://www.suse.com/security/cve/CVE-2018-5151"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5151",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5151",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5151",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5151",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5151",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5151",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5151",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5151"
},
{
"cve": "CVE-2018-5152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5152"
}
],
"notes": [
{
"category": "general",
"text": "WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the \"webRequest\" API. For example, this allows for the interception of username and an encrypted password during login to Firefox Accounts. This issue does not expose synchronization traffic directly and is limited to the process of user login to the website and the data displayed to the user once logged in. This vulnerability affects Firefox \u003c 60.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5152",
"url": "https://www.suse.com/security/cve/CVE-2018-5152"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5152",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5152",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5152",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5152",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5152",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5152",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5152",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5152"
},
{
"cve": "CVE-2018-5153",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5153"
}
],
"notes": [
{
"category": "general",
"text": "If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox \u003c 60.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5153",
"url": "https://www.suse.com/security/cve/CVE-2018-5153"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5153",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5153",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5153",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5153",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5153",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5153",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5153",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5153"
},
{
"cve": "CVE-2018-5154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5154"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.8, Thunderbird ESR \u003c 52.8, Firefox \u003c 60, and Firefox ESR \u003c 52.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5154",
"url": "https://www.suse.com/security/cve/CVE-2018-5154"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5154",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5154",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5154",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5154",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5154",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5154",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5154",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5154"
},
{
"cve": "CVE-2018-5155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5155"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.8, Thunderbird ESR \u003c 52.8, Firefox \u003c 60, and Firefox ESR \u003c 52.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5155",
"url": "https://www.suse.com/security/cve/CVE-2018-5155"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5155",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5155",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5155",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5155",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5155",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5155",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5155",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5155"
},
{
"cve": "CVE-2018-5156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5156"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5156",
"url": "https://www.suse.com/security/cve/CVE-2018-5156"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-5156",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5156"
},
{
"cve": "CVE-2018-5157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5157"
}
],
"notes": [
{
"category": "general",
"text": "Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR \u003c 52.8 and Firefox \u003c 60.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5157",
"url": "https://www.suse.com/security/cve/CVE-2018-5157"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5157",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5157",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5157",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5157",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5157",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5157",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5157",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5157"
},
{
"cve": "CVE-2018-5158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5158"
}
],
"notes": [
{
"category": "general",
"text": "The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR \u003c 52.8 and Firefox \u003c 60.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5158",
"url": "https://www.suse.com/security/cve/CVE-2018-5158"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5158",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5158",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5158",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5158",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5158",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5158",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5158",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5158"
},
{
"cve": "CVE-2018-5159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5159"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird \u003c 52.8, Thunderbird ESR \u003c 52.8, Firefox \u003c 60, and Firefox ESR \u003c 52.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5159",
"url": "https://www.suse.com/security/cve/CVE-2018-5159"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5159",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5159",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5159",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5159",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5159",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5159",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5159",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5159"
},
{
"cve": "CVE-2018-5160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5160"
}
],
"notes": [
{
"category": "general",
"text": "WebRTC can use a \"WrappedI420Buffer\" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash. This vulnerability affects Firefox \u003c 60.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5160",
"url": "https://www.suse.com/security/cve/CVE-2018-5160"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5160",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5160",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5160",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5160",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5160",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5160",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5160",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5160"
},
{
"cve": "CVE-2018-5163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5163"
}
],
"notes": [
{
"category": "general",
"text": "If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process\u0027 privileges, escaping the sandbox on content processes. This vulnerability affects Firefox \u003c 60.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5163",
"url": "https://www.suse.com/security/cve/CVE-2018-5163"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5163",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5163",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5163",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5163",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5163",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5163",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5163",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5163"
},
{
"cve": "CVE-2018-5164",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5164"
}
],
"notes": [
{
"category": "general",
"text": "Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the \"multipart/x-mixed-replace\" MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting (XSS) and other attacks. This vulnerability affects Firefox \u003c 60.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5164",
"url": "https://www.suse.com/security/cve/CVE-2018-5164"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5164",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5164",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5164",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5164",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5164",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5164",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5164",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5164"
},
{
"cve": "CVE-2018-5165",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5165"
}
],
"notes": [
{
"category": "general",
"text": "In 32-bit versions of Firefox, the Adobe Flash plugin setting for \"Enable Adobe Flash protected mode\" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to select this setting intending to activate it and inadvertently turn protections off. This vulnerability affects Firefox \u003c 60.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5165",
"url": "https://www.suse.com/security/cve/CVE-2018-5165"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5165",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5165",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5165",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5165",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5165",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5165",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5165",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5165"
},
{
"cve": "CVE-2018-5166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5166"
}
],
"notes": [
{
"category": "general",
"text": "WebExtensions can use request redirection and a \"filterReponseData\" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox \u003c 60.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5166",
"url": "https://www.suse.com/security/cve/CVE-2018-5166"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5166",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5166",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5166",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5166",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5166",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5166",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5166",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5166"
},
{
"cve": "CVE-2018-5167",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5167"
}
],
"notes": [
{
"category": "general",
"text": "The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display \"chrome:\" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display \"javascript:\" links, which users could be tricked into clicking by malicious sites. This vulnerability affects Firefox \u003c 60.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5167",
"url": "https://www.suse.com/security/cve/CVE-2018-5167"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5167",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5167",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5167",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5167",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5167",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5167",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5167",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5167"
},
{
"cve": "CVE-2018-5168",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5168"
}
],
"notes": [
{
"category": "general",
"text": "Sites can bypass security checks on permissions to install lightweight themes by manipulating the \"baseURI\" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird \u003c 52.8, Thunderbird ESR \u003c 52.8, Firefox \u003c 60, and Firefox ESR \u003c 52.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5168",
"url": "https://www.suse.com/security/cve/CVE-2018-5168"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5168",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5168",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5168",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5168",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5168",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5168",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5168",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5168"
},
{
"cve": "CVE-2018-5169",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5169"
}
],
"notes": [
{
"category": "general",
"text": "If manipulated hyperlinked text with \"chrome:\" URL contained in it is dragged and dropped on the \"home\" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs. This vulnerability affects Firefox \u003c 60.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5169",
"url": "https://www.suse.com/security/cve/CVE-2018-5169"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5169",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5169",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5169",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5169",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5169",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5169",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5169",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5169"
},
{
"cve": "CVE-2018-5172",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5172"
}
],
"notes": [
{
"category": "general",
"text": "The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste malicious script content that could then run with the context of either page but does not allow for privilege escalation. This vulnerability affects Firefox \u003c 60.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5172",
"url": "https://www.suse.com/security/cve/CVE-2018-5172"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5172",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5172",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5172",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5172",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5172",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5172",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5172",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5172"
},
{
"cve": "CVE-2018-5173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5173"
}
],
"notes": [
{
"category": "general",
"text": "The filename appearing in the \"Downloads\" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially executable files from user view in the panel. Note: the dialog to open the file will show the full, correct filename and whether it is executable or not. This vulnerability affects Firefox \u003c 60.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5173",
"url": "https://www.suse.com/security/cve/CVE-2018-5173"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5173",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5173",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5173",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5173",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5173",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5173",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5173",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5173"
},
{
"cve": "CVE-2018-5174",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5174"
}
],
"notes": [
{
"category": "general",
"text": "In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the \"SEE_MASK_FLAG_NO_UI\" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened because Windows won\u0027t prompt the user to ask what to do. Firefox incorrectly sets this flag when downloading files, leading to less secure behavior from SmartScreen. Note: this issue only affects Windows 10 users running the April 2018 update or later. It does not affect other Windows users or other operating systems. This vulnerability affects Thunderbird \u003c 52.8, Thunderbird ESR \u003c 52.8, Firefox \u003c 60, and Firefox ESR \u003c 52.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5174",
"url": "https://www.suse.com/security/cve/CVE-2018-5174"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5174",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5174",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5174",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5174",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5174",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5174",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5174",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5174"
},
{
"cve": "CVE-2018-5175",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5175"
}
],
"notes": [
{
"category": "general",
"text": "A mechanism to bypass Content Security Policy (CSP) protections on sites that have a \"script-src\" policy of \"\u0027strict-dynamic\u0027\". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the \"require.js\" library that is part of Firefox\u0027s Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox \u003c 60.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5175",
"url": "https://www.suse.com/security/cve/CVE-2018-5175"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5175",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5175",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5175",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5175",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5175",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5175",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5175",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5175"
},
{
"cve": "CVE-2018-5176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5176"
}
],
"notes": [
{
"category": "general",
"text": "The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including \"javascript:\" links. If a JSON file contains malicious JavaScript script embedded as \"javascript:\" links, users may be tricked into clicking and running this code in the context of the JSON Viewer. This can allow for the theft of cookies and authorization tokens which are accessible to that context. This vulnerability affects Firefox \u003c 60.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5176",
"url": "https://www.suse.com/security/cve/CVE-2018-5176"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5176",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5176",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5176",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5176",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5176",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5176",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5176",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5176"
},
{
"cve": "CVE-2018-5177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5177"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox \u003c 60.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5177",
"url": "https://www.suse.com/security/cve/CVE-2018-5177"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5177",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5177",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5177",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5177",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5177",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5177",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5177",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5177"
},
{
"cve": "CVE-2018-5180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5180"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability is limited because the memory is freed and reused in a brief window of time during the freeing of the same callstack. This vulnerability affects Firefox \u003c 60.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5180",
"url": "https://www.suse.com/security/cve/CVE-2018-5180"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5180",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5180",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5180",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5180",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5180",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5180",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5180",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5180"
},
{
"cve": "CVE-2018-5181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5181"
}
],
"notes": [
{
"category": "general",
"text": "If a URL using the \"file:\" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate process is to open it with the \"noopener\" keyword. This vulnerability affects Firefox \u003c 60.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5181",
"url": "https://www.suse.com/security/cve/CVE-2018-5181"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5181",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5181",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5181",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5181",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5181",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5181",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5181",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5181"
},
{
"cve": "CVE-2018-5182",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5182"
}
],
"notes": [
{
"category": "general",
"text": "If a text string that happens to be a filename in the operating system\u0027s native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent \"file:\" URL. This vulnerability affects Firefox \u003c 60.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5182",
"url": "https://www.suse.com/security/cve/CVE-2018-5182"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5182",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5182",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5182",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5182",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5182",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5182",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5182",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5182"
},
{
"cve": "CVE-2018-5186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5186"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5186",
"url": "https://www.suse.com/security/cve/CVE-2018-5186"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-5186",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5186"
},
{
"cve": "CVE-2018-5187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5187"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5187",
"url": "https://www.suse.com/security/cve/CVE-2018-5187"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-5187",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5187"
},
{
"cve": "CVE-2018-5188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5188"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5188",
"url": "https://www.suse.com/security/cve/CVE-2018-5188"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-5188",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5188"
},
{
"cve": "CVE-2018-6126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6126"
}
],
"notes": [
{
"category": "general",
"text": "A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6126",
"url": "https://www.suse.com/security/cve/CVE-2018-6126"
},
{
"category": "external",
"summary": "SUSE Bug 1095163 for CVE-2018-6126",
"url": "https://bugzilla.suse.com/1095163"
},
{
"category": "external",
"summary": "SUSE Bug 1096449 for CVE-2018-6126",
"url": "https://bugzilla.suse.com/1096449"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-6126"
},
{
"cve": "CVE-2018-6156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6156"
}
],
"notes": [
{
"category": "general",
"text": "Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6156",
"url": "https://www.suse.com/security/cve/CVE-2018-6156"
},
{
"category": "external",
"summary": "SUSE Bug 1086124 for CVE-2018-6156",
"url": "https://bugzilla.suse.com/1086124"
},
{
"category": "external",
"summary": "SUSE Bug 1102530 for CVE-2018-6156",
"url": "https://bugzilla.suse.com/1102530"
},
{
"category": "external",
"summary": "SUSE Bug 1107235 for CVE-2018-6156",
"url": "https://bugzilla.suse.com/1107235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-6156"
},
{
"cve": "CVE-2019-11691",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11691"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11691",
"url": "https://www.suse.com/security/cve/CVE-2019-11691"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11691",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11691"
},
{
"cve": "CVE-2019-11692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11692"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11692",
"url": "https://www.suse.com/security/cve/CVE-2019-11692"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11692",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11692"
},
{
"cve": "CVE-2019-11693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11693"
}
],
"notes": [
{
"category": "general",
"text": "The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11693",
"url": "https://www.suse.com/security/cve/CVE-2019-11693"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11693",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11693"
},
{
"cve": "CVE-2019-11694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11694"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11694",
"url": "https://www.suse.com/security/cve/CVE-2019-11694"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11694",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11694"
},
{
"cve": "CVE-2019-11695",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11695"
}
],
"notes": [
{
"category": "general",
"text": "A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be used by a malicious site to trick users into clicking on permission prompts, doorhanger notifications, or other buttons inadvertently if the location is spoofed over the user interface. This vulnerability affects Firefox \u003c 67.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11695",
"url": "https://www.suse.com/security/cve/CVE-2019-11695"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11695",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11695"
},
{
"cve": "CVE-2019-11696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11696"
}
],
"notes": [
{
"category": "general",
"text": "Files with the .JNLP extension used for \"Java web start\" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability affects Firefox \u003c 67.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11696",
"url": "https://www.suse.com/security/cve/CVE-2019-11696"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11696",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11696"
},
{
"cve": "CVE-2019-11697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11697"
}
],
"notes": [
{
"category": "general",
"text": "If the ALT and \"a\" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension. This vulnerability affects Firefox \u003c 67.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11697",
"url": "https://www.suse.com/security/cve/CVE-2019-11697"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11697",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11697"
},
{
"cve": "CVE-2019-11698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11698"
}
],
"notes": [
{
"category": "general",
"text": "If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user\u0027s browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11698",
"url": "https://www.suse.com/security/cve/CVE-2019-11698"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11698",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11698"
},
{
"cve": "CVE-2019-11699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11699"
}
],
"notes": [
{
"category": "general",
"text": "A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. This could result in user confusion of which site is currently loaded for spoofing attacks. This vulnerability affects Firefox \u003c 67.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11699",
"url": "https://www.suse.com/security/cve/CVE-2019-11699"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-11699"
},
{
"cve": "CVE-2019-11700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11700"
}
],
"notes": [
{
"category": "general",
"text": "A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 67.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11700",
"url": "https://www.suse.com/security/cve/CVE-2019-11700"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11700",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11700"
},
{
"cve": "CVE-2019-11701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11701"
}
],
"notes": [
{
"category": "general",
"text": "The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in place as a legacy feature and has now been removed. *Note: this issue only affects users with an account on the vulnerable service. Other users are unaffected.*. This vulnerability affects Firefox \u003c 67.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11701",
"url": "https://www.suse.com/security/cve/CVE-2019-11701"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11701",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11701"
},
{
"cve": "CVE-2019-11707",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11707"
}
],
"notes": [
{
"category": "general",
"text": "A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR \u003c 60.7.1, Firefox \u003c 67.0.3, and Thunderbird \u003c 60.7.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11707",
"url": "https://www.suse.com/security/cve/CVE-2019-11707"
},
{
"category": "external",
"summary": "SUSE Bug 1138614 for CVE-2019-11707",
"url": "https://bugzilla.suse.com/1138614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11707"
},
{
"cve": "CVE-2019-11708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11708"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user\u0027s computer. This vulnerability affects Firefox ESR \u003c 60.7.2, Firefox \u003c 67.0.4, and Thunderbird \u003c 60.7.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11708",
"url": "https://www.suse.com/security/cve/CVE-2019-11708"
},
{
"category": "external",
"summary": "SUSE Bug 1138872 for CVE-2019-11708",
"url": "https://bugzilla.suse.com/1138872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-11708"
},
{
"cve": "CVE-2019-11709",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11709"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11709",
"url": "https://www.suse.com/security/cve/CVE-2019-11709"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11709",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11709"
},
{
"cve": "CVE-2019-11710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11710"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 68.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11710",
"url": "https://www.suse.com/security/cve/CVE-2019-11710"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11710",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11710"
},
{
"cve": "CVE-2019-11711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11711"
}
],
"notes": [
{
"category": "general",
"text": "When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11711",
"url": "https://www.suse.com/security/cve/CVE-2019-11711"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11711",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11711"
},
{
"cve": "CVE-2019-11712",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11712"
}
],
"notes": [
{
"category": "general",
"text": "POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11712",
"url": "https://www.suse.com/security/cve/CVE-2019-11712"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11712",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11712"
},
{
"cve": "CVE-2019-11713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11713"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11713",
"url": "https://www.suse.com/security/cve/CVE-2019-11713"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11713",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11713"
},
{
"cve": "CVE-2019-11714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11714"
}
],
"notes": [
{
"category": "general",
"text": "Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox \u003c 68.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11714",
"url": "https://www.suse.com/security/cve/CVE-2019-11714"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11714",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11714"
},
{
"cve": "CVE-2019-11715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11715"
}
],
"notes": [
{
"category": "general",
"text": "Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11715",
"url": "https://www.suse.com/security/cve/CVE-2019-11715"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11715",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11715"
},
{
"cve": "CVE-2019-11716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11716"
}
],
"notes": [
{
"category": "general",
"text": "Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy a sandboxing that depends on enumerating and freezing access to the window object may miss this, allowing their sandboxes to be bypassed. This vulnerability affects Firefox \u003c 68.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11716",
"url": "https://www.suse.com/security/cve/CVE-2019-11716"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11716",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11716"
},
{
"cve": "CVE-2019-11717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11717"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability exists where the caret (\"^\") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11717",
"url": "https://www.suse.com/security/cve/CVE-2019-11717"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11717",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11717"
},
{
"cve": "CVE-2019-11718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11718"
}
],
"notes": [
{
"category": "general",
"text": "Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper Service were compromised. This vulnerability affects Firefox \u003c 68.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11718",
"url": "https://www.suse.com/security/cve/CVE-2019-11718"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11718",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11718"
},
{
"cve": "CVE-2019-11719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11719"
}
],
"notes": [
{
"category": "general",
"text": "When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11719",
"url": "https://www.suse.com/security/cve/CVE-2019-11719"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11719",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11719"
},
{
"cve": "CVE-2019-11720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11720"
}
],
"notes": [
{
"category": "general",
"text": "Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering. This vulnerability affects Firefox \u003c 68.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11720",
"url": "https://www.suse.com/security/cve/CVE-2019-11720"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11720",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11720"
},
{
"cve": "CVE-2019-11721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11721"
}
],
"notes": [
{
"category": "general",
"text": "The unicode latin \u0027kra\u0027 character can be used to spoof a standard \u0027k\u0027 character in the addressbar. This allows for domain spoofing attacks as do not display as punycode text, allowing for user confusion. This vulnerability affects Firefox \u003c 68.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11721",
"url": "https://www.suse.com/security/cve/CVE-2019-11721"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11721",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11721"
},
{
"cve": "CVE-2019-11723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11723"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. This could leak cookies in private browsing mode or across different \"containers\" for people who use the Firefox Multi-Account Containers Web Extension. This vulnerability affects Firefox \u003c 68.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11723",
"url": "https://www.suse.com/security/cve/CVE-2019-11723"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11723",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11723"
},
{
"cve": "CVE-2019-11724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11724"
}
],
"notes": [
{
"category": "general",
"text": "Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks. This vulnerability affects Firefox \u003c 68.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11724",
"url": "https://www.suse.com/security/cve/CVE-2019-11724"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11724",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11724"
},
{
"cve": "CVE-2019-11725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11725"
}
],
"notes": [
{
"category": "general",
"text": "When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing protections. This vulnerability affects Firefox \u003c 68.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11725",
"url": "https://www.suse.com/security/cve/CVE-2019-11725"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11725",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11725"
},
{
"cve": "CVE-2019-11727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11727"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox \u003c 68.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11727",
"url": "https://www.suse.com/security/cve/CVE-2019-11727"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11727",
"url": "https://bugzilla.suse.com/1140868"
},
{
"category": "external",
"summary": "SUSE Bug 1141322 for CVE-2019-11727",
"url": "https://bugzilla.suse.com/1141322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-11727"
},
{
"cve": "CVE-2019-11728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11728"
}
],
"notes": [
{
"category": "general",
"text": "The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when web content is loaded. This vulnerability affects Firefox \u003c 68.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11728",
"url": "https://www.suse.com/security/cve/CVE-2019-11728"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11728",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11728"
},
{
"cve": "CVE-2019-11729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11729"
}
],
"notes": [
{
"category": "general",
"text": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11729",
"url": "https://www.suse.com/security/cve/CVE-2019-11729"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11729",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11729"
},
{
"cve": "CVE-2019-11730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11730"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may uploaded to a server. It was demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they opened that attachment in Firefox, due to that app\u0027s predictable pattern for locally-saved file names, it is possible to read attachments the victim received from other correspondents. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11730",
"url": "https://www.suse.com/security/cve/CVE-2019-11730"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11730",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11730"
},
{
"cve": "CVE-2019-11733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11733"
}
],
"notes": [
{
"category": "general",
"text": "When a master password is set, it is required to be entered again before stored passwords can be accessed in the \u0027Saved Logins\u0027 dialog. It was found that locally stored passwords can be copied to the clipboard thorough the \u0027copy password\u0027 context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords. This vulnerability affects Firefox \u003c 68.0.2 and Firefox ESR \u003c 68.0.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11733",
"url": "https://www.suse.com/security/cve/CVE-2019-11733"
},
{
"category": "external",
"summary": "SUSE Bug 1145665 for CVE-2019-11733",
"url": "https://bugzilla.suse.com/1145665"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-11733"
},
{
"cve": "CVE-2019-11734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11734"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 69.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11734",
"url": "https://www.suse.com/security/cve/CVE-2019-11734"
},
{
"category": "external",
"summary": "SUSE Bug 1149287 for CVE-2019-11734",
"url": "https://bugzilla.suse.com/1149287"
},
{
"category": "external",
"summary": "SUSE Bug 1149324 for CVE-2019-11734",
"url": "https://bugzilla.suse.com/1149324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-11734"
},
{
"cve": "CVE-2019-11735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11735"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 69 and Firefox ESR \u003c 68.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11735",
"url": "https://www.suse.com/security/cve/CVE-2019-11735"
},
{
"category": "external",
"summary": "SUSE Bug 1149293 for CVE-2019-11735",
"url": "https://bugzilla.suse.com/1149293"
},
{
"category": "external",
"summary": "SUSE Bug 1149323 for CVE-2019-11735",
"url": "https://bugzilla.suse.com/1149323"
},
{
"category": "external",
"summary": "SUSE Bug 1149324 for CVE-2019-11735",
"url": "https://bugzilla.suse.com/1149324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11735"
},
{
"cve": "CVE-2019-11736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11736"
}
],
"notes": [
{
"category": "general",
"text": "The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during checks for junctions and symbolic links by the Maintenance Service, allowing for potential local file and directory manipulation to be undetected in some circumstances. This allows for potential privilege escalation by a user with unprivileged local access. \u003cbr\u003e*Note: These attacks requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Firefox \u003c 69 and Firefox ESR \u003c 68.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11736",
"url": "https://www.suse.com/security/cve/CVE-2019-11736"
},
{
"category": "external",
"summary": "SUSE Bug 1149292 for CVE-2019-11736",
"url": "https://bugzilla.suse.com/1149292"
},
{
"category": "external",
"summary": "SUSE Bug 1149323 for CVE-2019-11736",
"url": "https://bugzilla.suse.com/1149323"
},
{
"category": "external",
"summary": "SUSE Bug 1149324 for CVE-2019-11736",
"url": "https://bugzilla.suse.com/1149324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11736"
},
{
"cve": "CVE-2019-11737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11737"
}
],
"notes": [
{
"category": "general",
"text": "If a wildcard (\u0027*\u0027) is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content. This vulnerability affects Firefox \u003c 69.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11737",
"url": "https://www.suse.com/security/cve/CVE-2019-11737"
},
{
"category": "external",
"summary": "SUSE Bug 1149300 for CVE-2019-11737",
"url": "https://bugzilla.suse.com/1149300"
},
{
"category": "external",
"summary": "SUSE Bug 1149324 for CVE-2019-11737",
"url": "https://bugzilla.suse.com/1149324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-11737"
},
{
"cve": "CVE-2019-11738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11738"
}
],
"notes": [
{
"category": "general",
"text": "If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox \u003c 69 and Firefox ESR \u003c 68.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11738",
"url": "https://www.suse.com/security/cve/CVE-2019-11738"
},
{
"category": "external",
"summary": "SUSE Bug 1149302 for CVE-2019-11738",
"url": "https://bugzilla.suse.com/1149302"
},
{
"category": "external",
"summary": "SUSE Bug 1149323 for CVE-2019-11738",
"url": "https://bugzilla.suse.com/1149323"
},
{
"category": "external",
"summary": "SUSE Bug 1149324 for CVE-2019-11738",
"url": "https://bugzilla.suse.com/1149324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-11738"
},
{
"cve": "CVE-2019-11740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11740"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 69, Thunderbird \u003c 68.1, Thunderbird \u003c 60.9, Firefox ESR \u003c 60.9, and Firefox ESR \u003c 68.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11740",
"url": "https://www.suse.com/security/cve/CVE-2019-11740"
},
{
"category": "external",
"summary": "SUSE Bug 1149299 for CVE-2019-11740",
"url": "https://bugzilla.suse.com/1149299"
},
{
"category": "external",
"summary": "SUSE Bug 1149323 for CVE-2019-11740",
"url": "https://bugzilla.suse.com/1149323"
},
{
"category": "external",
"summary": "SUSE Bug 1149324 for CVE-2019-11740",
"url": "https://bugzilla.suse.com/1149324"
},
{
"category": "external",
"summary": "SUSE Bug 1150940 for CVE-2019-11740",
"url": "https://bugzilla.suse.com/1150940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11740"
},
{
"cve": "CVE-2019-11741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11741"
}
],
"notes": [
{
"category": "general",
"text": "A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these sites within the browser can potentially be used to modify a user\u0027s Firefox configuration. These two sites will now be isolated into their own process and not allowed to be loaded in a standard content process. This vulnerability affects Firefox \u003c 69.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11741",
"url": "https://www.suse.com/security/cve/CVE-2019-11741"
},
{
"category": "external",
"summary": "SUSE Bug 1149288 for CVE-2019-11741",
"url": "https://bugzilla.suse.com/1149288"
},
{
"category": "external",
"summary": "SUSE Bug 1149324 for CVE-2019-11741",
"url": "https://bugzilla.suse.com/1149324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-11741"
},
{
"cve": "CVE-2019-11742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11742"
}
],
"notes": [
{
"category": "general",
"text": "A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a \u0026lt;canvas\u0026gt; element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability affects Firefox \u003c 69, Thunderbird \u003c 68.1, Thunderbird \u003c 60.9, Firefox ESR \u003c 60.9, and Firefox ESR \u003c 68.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11742",
"url": "https://www.suse.com/security/cve/CVE-2019-11742"
},
{
"category": "external",
"summary": "SUSE Bug 1149303 for CVE-2019-11742",
"url": "https://bugzilla.suse.com/1149303"
},
{
"category": "external",
"summary": "SUSE Bug 1149323 for CVE-2019-11742",
"url": "https://bugzilla.suse.com/1149323"
},
{
"category": "external",
"summary": "SUSE Bug 1149324 for CVE-2019-11742",
"url": "https://bugzilla.suse.com/1149324"
},
{
"category": "external",
"summary": "SUSE Bug 1150940 for CVE-2019-11742",
"url": "https://bugzilla.suse.com/1150940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11742"
},
{
"cve": "CVE-2019-11743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11743"
}
],
"notes": [
{
"category": "general",
"text": "Navigation events were not fully adhering to the W3C\u0027s \"Navigation-Timing Level 2\" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. This vulnerability affects Firefox \u003c 69, Thunderbird \u003c 68.1, Thunderbird \u003c 60.9, Firefox ESR \u003c 60.9, and Firefox ESR \u003c 68.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11743",
"url": "https://www.suse.com/security/cve/CVE-2019-11743"
},
{
"category": "external",
"summary": "SUSE Bug 1149298 for CVE-2019-11743",
"url": "https://bugzilla.suse.com/1149298"
},
{
"category": "external",
"summary": "SUSE Bug 1149323 for CVE-2019-11743",
"url": "https://bugzilla.suse.com/1149323"
},
{
"category": "external",
"summary": "SUSE Bug 1149324 for CVE-2019-11743",
"url": "https://bugzilla.suse.com/1149324"
},
{
"category": "external",
"summary": "SUSE Bug 1150940 for CVE-2019-11743",
"url": "https://bugzilla.suse.com/1150940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-11743"
},
{
"cve": "CVE-2019-11744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11744"
}
],
"notes": [
{
"category": "general",
"text": "Some HTML elements, such as \u0026lt;title\u0026gt; and \u0026lt;textarea\u0026gt;, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if a site does not filter user input as strictly for these elements as it does for other elements. This vulnerability affects Firefox \u003c 69, Thunderbird \u003c 68.1, Thunderbird \u003c 60.9, Firefox ESR \u003c 60.9, and Firefox ESR \u003c 68.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11744",
"url": "https://www.suse.com/security/cve/CVE-2019-11744"
},
{
"category": "external",
"summary": "SUSE Bug 1149304 for CVE-2019-11744",
"url": "https://bugzilla.suse.com/1149304"
},
{
"category": "external",
"summary": "SUSE Bug 1149323 for CVE-2019-11744",
"url": "https://bugzilla.suse.com/1149323"
},
{
"category": "external",
"summary": "SUSE Bug 1149324 for CVE-2019-11744",
"url": "https://bugzilla.suse.com/1149324"
},
{
"category": "external",
"summary": "SUSE Bug 1150940 for CVE-2019-11744",
"url": "https://bugzilla.suse.com/1150940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11744"
},
{
"cve": "CVE-2019-11746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11746"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 69, Thunderbird \u003c 68.1, Thunderbird \u003c 60.9, Firefox ESR \u003c 60.9, and Firefox ESR \u003c 68.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11746",
"url": "https://www.suse.com/security/cve/CVE-2019-11746"
},
{
"category": "external",
"summary": "SUSE Bug 1149297 for CVE-2019-11746",
"url": "https://bugzilla.suse.com/1149297"
},
{
"category": "external",
"summary": "SUSE Bug 1149323 for CVE-2019-11746",
"url": "https://bugzilla.suse.com/1149323"
},
{
"category": "external",
"summary": "SUSE Bug 1149324 for CVE-2019-11746",
"url": "https://bugzilla.suse.com/1149324"
},
{
"category": "external",
"summary": "SUSE Bug 1150940 for CVE-2019-11746",
"url": "https://bugzilla.suse.com/1150940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11746"
},
{
"cve": "CVE-2019-11747",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11747"
}
],
"notes": [
{
"category": "general",
"text": "The \"Forget about this site\" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security (HSTS) settings received from sites that use it. Due to a bug, sites on the pre-load list also have their HSTS setting removed. On the next visit to that site if the user specifies an http: URL rather than secure https: they will not be protected by the pre-loaded HSTS setting. After that visit the site\u0027s HSTS setting will be restored. This vulnerability affects Firefox \u003c 69 and Firefox ESR \u003c 68.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11747",
"url": "https://www.suse.com/security/cve/CVE-2019-11747"
},
{
"category": "external",
"summary": "SUSE Bug 1149301 for CVE-2019-11747",
"url": "https://bugzilla.suse.com/1149301"
},
{
"category": "external",
"summary": "SUSE Bug 1149323 for CVE-2019-11747",
"url": "https://bugzilla.suse.com/1149323"
},
{
"category": "external",
"summary": "SUSE Bug 1149324 for CVE-2019-11747",
"url": "https://bugzilla.suse.com/1149324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-11747"
},
{
"cve": "CVE-2019-11748",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11748"
}
],
"notes": [
{
"category": "general",
"text": "WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the possibility of trusted WebRTC resources being invisibly embedded in web content and abusing permissions previously given by users. Users will now be prompted for permissions on each use. This vulnerability affects Firefox \u003c 69 and Firefox ESR \u003c 68.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11748",
"url": "https://www.suse.com/security/cve/CVE-2019-11748"
},
{
"category": "external",
"summary": "SUSE Bug 1149291 for CVE-2019-11748",
"url": "https://bugzilla.suse.com/1149291"
},
{
"category": "external",
"summary": "SUSE Bug 1149323 for CVE-2019-11748",
"url": "https://bugzilla.suse.com/1149323"
},
{
"category": "external",
"summary": "SUSE Bug 1149324 for CVE-2019-11748",
"url": "https://bugzilla.suse.com/1149324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-11748"
},
{
"cve": "CVE-2019-11749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11749"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of users. This vulnerability affects Firefox \u003c 69 and Firefox ESR \u003c 68.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11749",
"url": "https://www.suse.com/security/cve/CVE-2019-11749"
},
{
"category": "external",
"summary": "SUSE Bug 1149290 for CVE-2019-11749",
"url": "https://bugzilla.suse.com/1149290"
},
{
"category": "external",
"summary": "SUSE Bug 1149323 for CVE-2019-11749",
"url": "https://bugzilla.suse.com/1149323"
},
{
"category": "external",
"summary": "SUSE Bug 1149324 for CVE-2019-11749",
"url": "https://bugzilla.suse.com/1149324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-11749"
},
{
"cve": "CVE-2019-11750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11750"
}
],
"notes": [
{
"category": "general",
"text": "A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. This vulnerability affects Firefox \u003c 69 and Firefox ESR \u003c 68.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11750",
"url": "https://www.suse.com/security/cve/CVE-2019-11750"
},
{
"category": "external",
"summary": "SUSE Bug 1149289 for CVE-2019-11750",
"url": "https://bugzilla.suse.com/1149289"
},
{
"category": "external",
"summary": "SUSE Bug 1149323 for CVE-2019-11750",
"url": "https://bugzilla.suse.com/1149323"
},
{
"category": "external",
"summary": "SUSE Bug 1149324 for CVE-2019-11750",
"url": "https://bugzilla.suse.com/1149324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-11750"
},
{
"cve": "CVE-2019-11751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11751"
}
],
"notes": [
{
"category": "general",
"text": "Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows \u0027Startup\u0027 folder. \u003cbr\u003e*Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox \u003c 69 and Firefox ESR \u003c 68.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11751",
"url": "https://www.suse.com/security/cve/CVE-2019-11751"
},
{
"category": "external",
"summary": "SUSE Bug 1149286 for CVE-2019-11751",
"url": "https://bugzilla.suse.com/1149286"
},
{
"category": "external",
"summary": "SUSE Bug 1149323 for CVE-2019-11751",
"url": "https://bugzilla.suse.com/1149323"
},
{
"category": "external",
"summary": "SUSE Bug 1149324 for CVE-2019-11751",
"url": "https://bugzilla.suse.com/1149324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11751"
},
{
"cve": "CVE-2019-11752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11752"
}
],
"notes": [
{
"category": "general",
"text": "It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox \u003c 69, Thunderbird \u003c 68.1, Thunderbird \u003c 60.9, Firefox ESR \u003c 60.9, and Firefox ESR \u003c 68.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11752",
"url": "https://www.suse.com/security/cve/CVE-2019-11752"
},
{
"category": "external",
"summary": "SUSE Bug 1149296 for CVE-2019-11752",
"url": "https://bugzilla.suse.com/1149296"
},
{
"category": "external",
"summary": "SUSE Bug 1149323 for CVE-2019-11752",
"url": "https://bugzilla.suse.com/1149323"
},
{
"category": "external",
"summary": "SUSE Bug 1149324 for CVE-2019-11752",
"url": "https://bugzilla.suse.com/1149324"
},
{
"category": "external",
"summary": "SUSE Bug 1150940 for CVE-2019-11752",
"url": "https://bugzilla.suse.com/1150940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11752"
},
{
"cve": "CVE-2019-11753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11753"
}
],
"notes": [
{
"category": "general",
"text": "The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if the executable has been replaced locally. \u003cbr\u003e*Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Firefox \u003c 69, Firefox ESR \u003c 60.9, and Firefox ESR \u003c 68.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11753",
"url": "https://www.suse.com/security/cve/CVE-2019-11753"
},
{
"category": "external",
"summary": "SUSE Bug 1149295 for CVE-2019-11753",
"url": "https://bugzilla.suse.com/1149295"
},
{
"category": "external",
"summary": "SUSE Bug 1149323 for CVE-2019-11753",
"url": "https://bugzilla.suse.com/1149323"
},
{
"category": "external",
"summary": "SUSE Bug 1149324 for CVE-2019-11753",
"url": "https://bugzilla.suse.com/1149324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-11753"
},
{
"cve": "CVE-2019-11754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11754"
}
],
"notes": [
{
"category": "general",
"text": "When the pointer lock is enabled by a website though requestPointerLock(), no user notification is given. This could allow a malicious website to hijack the mouse pointer and confuse users. This vulnerability affects Firefox \u003c 69.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11754",
"url": "https://www.suse.com/security/cve/CVE-2019-11754"
},
{
"category": "external",
"summary": "SUSE Bug 1151260 for CVE-2019-11754",
"url": "https://bugzilla.suse.com/1151260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-11754"
},
{
"cve": "CVE-2019-11756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11756"
}
],
"notes": [
{
"category": "general",
"text": "Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox \u003c 71.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11756",
"url": "https://www.suse.com/security/cve/CVE-2019-11756"
},
{
"category": "external",
"summary": "SUSE Bug 1161447 for CVE-2019-11756",
"url": "https://bugzilla.suse.com/1161447"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11756"
},
{
"cve": "CVE-2019-11757",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11757"
}
],
"notes": [
{
"category": "general",
"text": "When following the value\u0027s prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11757",
"url": "https://www.suse.com/security/cve/CVE-2019-11757"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-11757",
"url": "https://bugzilla.suse.com/1154738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11757"
},
{
"cve": "CVE-2019-11759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11759"
}
],
"notes": [
{
"category": "general",
"text": "An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11759",
"url": "https://www.suse.com/security/cve/CVE-2019-11759"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-11759",
"url": "https://bugzilla.suse.com/1154738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11759"
},
{
"cve": "CVE-2019-11760",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11760"
}
],
"notes": [
{
"category": "general",
"text": "A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11760",
"url": "https://www.suse.com/security/cve/CVE-2019-11760"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-11760",
"url": "https://bugzilla.suse.com/1154738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11760"
},
{
"cve": "CVE-2019-11761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11761"
}
],
"notes": [
{
"category": "general",
"text": "By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11761",
"url": "https://www.suse.com/security/cve/CVE-2019-11761"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-11761",
"url": "https://bugzilla.suse.com/1154738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11761"
},
{
"cve": "CVE-2019-11762",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11762"
}
],
"notes": [
{
"category": "general",
"text": "If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11762",
"url": "https://www.suse.com/security/cve/CVE-2019-11762"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-11762",
"url": "https://bugzilla.suse.com/1154738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11762"
},
{
"cve": "CVE-2019-11763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11763"
}
],
"notes": [
{
"category": "general",
"text": "Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11763",
"url": "https://www.suse.com/security/cve/CVE-2019-11763"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-11763",
"url": "https://bugzilla.suse.com/1154738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11763"
},
{
"cve": "CVE-2019-11764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11764"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11764",
"url": "https://www.suse.com/security/cve/CVE-2019-11764"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-11764",
"url": "https://bugzilla.suse.com/1154738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11764"
},
{
"cve": "CVE-2019-11765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11765"
}
],
"notes": [
{
"category": "general",
"text": "A compromised content process could send a message to the parent process that would cause the \u0027Click to Play\u0027 permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the \u0027Click to Play\u0027 permission. This vulnerability affects Firefox \u003c 70.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11765",
"url": "https://www.suse.com/security/cve/CVE-2019-11765"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-11765"
},
{
"cve": "CVE-2019-13722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13722"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13722",
"url": "https://www.suse.com/security/cve/CVE-2019-13722"
},
{
"category": "external",
"summary": "SUSE Bug 1158328 for CVE-2019-13722",
"url": "https://bugzilla.suse.com/1158328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-13722"
},
{
"cve": "CVE-2019-15903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15903"
}
],
"notes": [
{
"category": "general",
"text": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15903",
"url": "https://www.suse.com/security/cve/CVE-2019-15903"
},
{
"category": "external",
"summary": "SUSE Bug 1149429 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1149429"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1154738"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-15903"
},
{
"cve": "CVE-2019-17000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17000"
}
],
"notes": [
{
"category": "general",
"text": "An object tag with a data URI did not correctly inherit the document\u0027s Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document\u0027s policy explicitly allowed data: URIs. This vulnerability affects Firefox \u003c 70.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17000",
"url": "https://www.suse.com/security/cve/CVE-2019-17000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-17000"
},
{
"cve": "CVE-2019-17001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17001"
}
],
"notes": [
{
"category": "general",
"text": "A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000.*Note: This flaw only affected Firefox 69 and was not present in earlier versions.*. This vulnerability affects Firefox \u003c 70.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17001",
"url": "https://www.suse.com/security/cve/CVE-2019-17001"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-17001"
},
{
"cve": "CVE-2019-17002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17002"
}
],
"notes": [
{
"category": "general",
"text": "If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https. This vulnerability affects Firefox \u003c 70.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17002",
"url": "https://www.suse.com/security/cve/CVE-2019-17002"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-17002"
},
{
"cve": "CVE-2019-17005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17005"
}
],
"notes": [
{
"category": "general",
"text": "The plain text serializer used a fixed-size array for the number of \u003col\u003e elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17005",
"url": "https://www.suse.com/security/cve/CVE-2019-17005"
},
{
"category": "external",
"summary": "SUSE Bug 1158328 for CVE-2019-17005",
"url": "https://bugzilla.suse.com/1158328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17005"
},
{
"cve": "CVE-2019-17008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17008"
}
],
"notes": [
{
"category": "general",
"text": "When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17008",
"url": "https://www.suse.com/security/cve/CVE-2019-17008"
},
{
"category": "external",
"summary": "SUSE Bug 1158328 for CVE-2019-17008",
"url": "https://bugzilla.suse.com/1158328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17008"
},
{
"cve": "CVE-2019-17010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17010"
}
],
"notes": [
{
"category": "general",
"text": "Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17010",
"url": "https://www.suse.com/security/cve/CVE-2019-17010"
},
{
"category": "external",
"summary": "SUSE Bug 1158328 for CVE-2019-17010",
"url": "https://bugzilla.suse.com/1158328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17010"
},
{
"cve": "CVE-2019-17011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17011"
}
],
"notes": [
{
"category": "general",
"text": "Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17011",
"url": "https://www.suse.com/security/cve/CVE-2019-17011"
},
{
"category": "external",
"summary": "SUSE Bug 1158328 for CVE-2019-17011",
"url": "https://bugzilla.suse.com/1158328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17011"
},
{
"cve": "CVE-2019-17012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17012"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17012",
"url": "https://www.suse.com/security/cve/CVE-2019-17012"
},
{
"category": "external",
"summary": "SUSE Bug 1158328 for CVE-2019-17012",
"url": "https://bugzilla.suse.com/1158328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17012"
},
{
"cve": "CVE-2019-17013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17013"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 71.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17013",
"url": "https://www.suse.com/security/cve/CVE-2019-17013"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17013"
},
{
"cve": "CVE-2019-17014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17014"
}
],
"notes": [
{
"category": "general",
"text": "If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-origin information leak. This vulnerability affects Firefox \u003c 71.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17014",
"url": "https://www.suse.com/security/cve/CVE-2019-17014"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17014"
},
{
"cve": "CVE-2019-17016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17016"
}
],
"notes": [
{
"category": "general",
"text": "When pasting a \u0026lt;style\u0026gt; tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR \u003c 68.4 and Firefox \u003c 72.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17016",
"url": "https://www.suse.com/security/cve/CVE-2019-17016"
},
{
"category": "external",
"summary": "SUSE Bug 1160305 for CVE-2019-17016",
"url": "https://bugzilla.suse.com/1160305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17016"
},
{
"cve": "CVE-2019-17017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17017"
}
],
"notes": [
{
"category": "general",
"text": "Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 68.4 and Firefox \u003c 72.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17017",
"url": "https://www.suse.com/security/cve/CVE-2019-17017"
},
{
"category": "external",
"summary": "SUSE Bug 1160305 for CVE-2019-17017",
"url": "https://bugzilla.suse.com/1160305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17017"
},
{
"cve": "CVE-2019-17020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17020"
}
],
"notes": [
{
"category": "general",
"text": "If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document. This vulnerability affects Firefox \u003c 72.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17020",
"url": "https://www.suse.com/security/cve/CVE-2019-17020"
},
{
"category": "external",
"summary": "SUSE Bug 1160305 for CVE-2019-17020",
"url": "https://bugzilla.suse.com/1160305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17020"
},
{
"cve": "CVE-2019-17022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17022"
}
],
"notes": [
{
"category": "general",
"text": "When pasting a \u0026lt;style\u0026gt; tag from the clipboard into a rich text editor, the CSS sanitizer does not escape \u0026lt; and \u0026gt; characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node\u0027s innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR \u003c 68.4 and Firefox \u003c 72.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17022",
"url": "https://www.suse.com/security/cve/CVE-2019-17022"
},
{
"category": "external",
"summary": "SUSE Bug 1160305 for CVE-2019-17022",
"url": "https://bugzilla.suse.com/1160305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17022"
},
{
"cve": "CVE-2019-17023",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17023"
}
],
"notes": [
{
"category": "general",
"text": "After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox \u003c 72.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17023",
"url": "https://www.suse.com/security/cve/CVE-2019-17023"
},
{
"category": "external",
"summary": "SUSE Bug 1160305 for CVE-2019-17023",
"url": "https://bugzilla.suse.com/1160305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17023"
},
{
"cve": "CVE-2019-17024",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17024"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 68.4 and Firefox \u003c 72.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17024",
"url": "https://www.suse.com/security/cve/CVE-2019-17024"
},
{
"category": "external",
"summary": "SUSE Bug 1160305 for CVE-2019-17024",
"url": "https://bugzilla.suse.com/1160305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17024"
},
{
"cve": "CVE-2019-17025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17025"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 72.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17025",
"url": "https://www.suse.com/security/cve/CVE-2019-17025"
},
{
"category": "external",
"summary": "SUSE Bug 1160305 for CVE-2019-17025",
"url": "https://bugzilla.suse.com/1160305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17025"
},
{
"cve": "CVE-2019-17026",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17026"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR \u003c 68.4.1, Thunderbird \u003c 68.4.1, and Firefox \u003c 72.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17026",
"url": "https://www.suse.com/security/cve/CVE-2019-17026"
},
{
"category": "external",
"summary": "SUSE Bug 1160498 for CVE-2019-17026",
"url": "https://bugzilla.suse.com/1160498"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17026"
},
{
"cve": "CVE-2019-20503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-20503"
}
],
"notes": [
{
"category": "general",
"text": "usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-20503",
"url": "https://www.suse.com/security/cve/CVE-2019-20503"
},
{
"category": "external",
"summary": "SUSE Bug 1166238 for CVE-2019-20503",
"url": "https://bugzilla.suse.com/1166238"
},
{
"category": "external",
"summary": "SUSE Bug 1167090 for CVE-2019-20503",
"url": "https://bugzilla.suse.com/1167090"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-20503"
},
{
"cve": "CVE-2019-5785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5785"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5785",
"url": "https://www.suse.com/security/cve/CVE-2019-5785"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2019-5785",
"url": "https://bugzilla.suse.com/1125330"
},
{
"category": "external",
"summary": "SUSE Bug 1125396 for CVE-2019-5785",
"url": "https://bugzilla.suse.com/1125396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-5785"
},
{
"cve": "CVE-2019-5849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5849"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5849",
"url": "https://www.suse.com/security/cve/CVE-2019-5849"
},
{
"category": "external",
"summary": "SUSE Bug 1149321 for CVE-2019-5849",
"url": "https://bugzilla.suse.com/1149321"
},
{
"category": "external",
"summary": "SUSE Bug 1149324 for CVE-2019-5849",
"url": "https://bugzilla.suse.com/1149324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-5849"
},
{
"cve": "CVE-2019-7317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7317"
}
],
"notes": [
{
"category": "general",
"text": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7317",
"url": "https://www.suse.com/security/cve/CVE-2019-7317"
},
{
"category": "external",
"summary": "SUSE Bug 1124211 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1124211"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1135824"
},
{
"category": "external",
"summary": "SUSE Bug 1141780 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1141780"
},
{
"category": "external",
"summary": "SUSE Bug 1147021 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1147021"
},
{
"category": "external",
"summary": "SUSE Bug 1165297 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1165297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-7317"
},
{
"cve": "CVE-2019-9788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9788"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60.6, Firefox ESR \u003c 60.6, and Firefox \u003c 66.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9788",
"url": "https://www.suse.com/security/cve/CVE-2019-9788"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2019-9788",
"url": "https://bugzilla.suse.com/1129821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9788"
},
{
"cve": "CVE-2019-9789",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9789"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 65. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 66.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9789",
"url": "https://www.suse.com/security/cve/CVE-2019-9789"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2019-9789",
"url": "https://bugzilla.suse.com/1129821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9789"
},
{
"cve": "CVE-2019-9790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9790"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.6, Firefox ESR \u003c 60.6, and Firefox \u003c 66.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9790",
"url": "https://www.suse.com/security/cve/CVE-2019-9790"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2019-9790",
"url": "https://bugzilla.suse.com/1129821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9790"
},
{
"cve": "CVE-2019-9791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9791"
}
],
"notes": [
{
"category": "general",
"text": "The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird \u003c 60.6, Firefox ESR \u003c 60.6, and Firefox \u003c 66.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9791",
"url": "https://www.suse.com/security/cve/CVE-2019-9791"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2019-9791",
"url": "https://bugzilla.suse.com/1129821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9791"
},
{
"cve": "CVE-2019-9792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9792"
}
],
"notes": [
{
"category": "general",
"text": "The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.6, Firefox ESR \u003c 60.6, and Firefox \u003c 66.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9792",
"url": "https://www.suse.com/security/cve/CVE-2019-9792"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2019-9792",
"url": "https://bugzilla.suse.com/1129821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9792"
},
{
"cve": "CVE-2019-9793",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9793"
}
],
"notes": [
{
"category": "general",
"text": "A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. *Note: Spectre mitigations are currently enabled for all users by default settings.*. This vulnerability affects Thunderbird \u003c 60.6, Firefox ESR \u003c 60.6, and Firefox \u003c 66.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9793",
"url": "https://www.suse.com/security/cve/CVE-2019-9793"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2019-9793",
"url": "https://bugzilla.suse.com/1129821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9793"
},
{
"cve": "CVE-2019-9794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9794"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the default URI handler for a given URI scheme in third party applications and these applications insufficiently sanitize URL data. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird \u003c 60.6, Firefox ESR \u003c 60.6, and Firefox \u003c 66.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9794",
"url": "https://www.suse.com/security/cve/CVE-2019-9794"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2019-9794",
"url": "https://bugzilla.suse.com/1129821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9794"
},
{
"cve": "CVE-2019-9795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9795"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.6, Firefox ESR \u003c 60.6, and Firefox \u003c 66.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9795",
"url": "https://www.suse.com/security/cve/CVE-2019-9795"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2019-9795",
"url": "https://bugzilla.suse.com/1129821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9795"
},
{
"cve": "CVE-2019-9796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9796"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver\u0027s observer array. This vulnerability affects Thunderbird \u003c 60.6, Firefox ESR \u003c 60.6, and Firefox \u003c 66.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9796",
"url": "https://www.suse.com/security/cve/CVE-2019-9796"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2019-9796",
"url": "https://bugzilla.suse.com/1129821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9796"
},
{
"cve": "CVE-2019-9797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9797"
}
],
"notes": [
{
"category": "general",
"text": "Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox \u003c 66.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9797",
"url": "https://www.suse.com/security/cve/CVE-2019-9797"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2019-9797",
"url": "https://bugzilla.suse.com/1129821"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9797",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9797"
},
{
"cve": "CVE-2019-9798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9798"
}
],
"notes": [
{
"category": "general",
"text": "On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. *Note: This issue only affects Android. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 66.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9798",
"url": "https://www.suse.com/security/cve/CVE-2019-9798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9798"
},
{
"cve": "CVE-2019-9799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9799"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. This vulnerability affects Firefox \u003c 66.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9799",
"url": "https://www.suse.com/security/cve/CVE-2019-9799"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2019-9799",
"url": "https://bugzilla.suse.com/1129821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9799"
},
{
"cve": "CVE-2019-9800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9800"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9800",
"url": "https://www.suse.com/security/cve/CVE-2019-9800"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9800",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9800"
},
{
"cve": "CVE-2019-9801",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9801"
}
],
"notes": [
{
"category": "general",
"text": "Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a \"URL Handler\" in the Windows registry. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird \u003c 60.6, Firefox ESR \u003c 60.6, and Firefox \u003c 66.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9801",
"url": "https://www.suse.com/security/cve/CVE-2019-9801"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9801"
},
{
"cve": "CVE-2019-9802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9802"
}
],
"notes": [
{
"category": "general",
"text": "If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and allow for a potential memory read of adjacent data from the privileged Chrome process, which may include sensitive data. This vulnerability affects Firefox \u003c 66.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9802",
"url": "https://www.suse.com/security/cve/CVE-2019-9802"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2019-9802",
"url": "https://bugzilla.suse.com/1129821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9802"
},
{
"cve": "CVE-2019-9803",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9803"
}
],
"notes": [
{
"category": "general",
"text": "The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some circumstances, allowing for potential man-in-the-middle attacks on the linked resources. This vulnerability affects Firefox \u003c 66.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9803",
"url": "https://www.suse.com/security/cve/CVE-2019-9803"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2019-9803",
"url": "https://bugzilla.suse.com/1129821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9803"
},
{
"cve": "CVE-2019-9804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9804"
}
],
"notes": [
{
"category": "general",
"text": "In Firefox Developer Tools it is possible that pasting the result of the \u0027Copy as cURL\u0027 command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash on macOS. *Note: This issue only affects macOS. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 66.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9804",
"url": "https://www.suse.com/security/cve/CVE-2019-9804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9804"
},
{
"cve": "CVE-2019-9805",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9805"
}
],
"notes": [
{
"category": "general",
"text": "A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption. This vulnerability affects Firefox \u003c 66.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9805",
"url": "https://www.suse.com/security/cve/CVE-2019-9805"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2019-9805",
"url": "https://bugzilla.suse.com/1129821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9805"
},
{
"cve": "CVE-2019-9806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9806"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. This allows for a denial of service (DOS) attack. This vulnerability affects Firefox \u003c 66.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9806",
"url": "https://www.suse.com/security/cve/CVE-2019-9806"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2019-9806",
"url": "https://bugzilla.suse.com/1129821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9806"
},
{
"cve": "CVE-2019-9807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9807"
}
],
"notes": [
{
"category": "general",
"text": "When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks. This vulnerability affects Firefox \u003c 66.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9807",
"url": "https://www.suse.com/security/cve/CVE-2019-9807"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2019-9807",
"url": "https://bugzilla.suse.com/1129821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9807"
},
{
"cve": "CVE-2019-9808",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9808"
}
],
"notes": [
{
"category": "general",
"text": "If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states \"Unknown origin\" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox \u003c 66.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9808",
"url": "https://www.suse.com/security/cve/CVE-2019-9808"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2019-9808",
"url": "https://bugzilla.suse.com/1129821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9808"
},
{
"cve": "CVE-2019-9809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9809"
}
],
"notes": [
{
"category": "general",
"text": "If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service (DOS) attack. This vulnerability affects Firefox \u003c 66.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9809",
"url": "https://www.suse.com/security/cve/CVE-2019-9809"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2019-9809",
"url": "https://bugzilla.suse.com/1129821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9809"
},
{
"cve": "CVE-2019-9810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9810"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox \u003c 66.0.1, Firefox ESR \u003c 60.6.1, and Thunderbird \u003c 60.6.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9810",
"url": "https://www.suse.com/security/cve/CVE-2019-9810"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2019-9810",
"url": "https://bugzilla.suse.com/1129821"
},
{
"category": "external",
"summary": "SUSE Bug 1130262 for CVE-2019-9810",
"url": "https://bugzilla.suse.com/1130262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9810"
},
{
"cve": "CVE-2019-9811",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9811"
}
],
"notes": [
{
"category": "general",
"text": "As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9811",
"url": "https://www.suse.com/security/cve/CVE-2019-9811"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-9811",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9811"
},
{
"cve": "CVE-2019-9812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9812"
}
],
"notes": [
{
"category": "general",
"text": "Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered. This vulnerability affects Firefox ESR \u003c 60.9, Firefox ESR \u003c 68.1, and Firefox \u003c 69.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9812",
"url": "https://www.suse.com/security/cve/CVE-2019-9812"
},
{
"category": "external",
"summary": "SUSE Bug 1149294 for CVE-2019-9812",
"url": "https://bugzilla.suse.com/1149294"
},
{
"category": "external",
"summary": "SUSE Bug 1149323 for CVE-2019-9812",
"url": "https://bugzilla.suse.com/1149323"
},
{
"category": "external",
"summary": "SUSE Bug 1149324 for CVE-2019-9812",
"url": "https://bugzilla.suse.com/1149324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9812"
},
{
"cve": "CVE-2019-9813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9813"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox \u003c 66.0.1, Firefox ESR \u003c 60.6.1, and Thunderbird \u003c 60.6.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9813",
"url": "https://www.suse.com/security/cve/CVE-2019-9813"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2019-9813",
"url": "https://bugzilla.suse.com/1129821"
},
{
"category": "external",
"summary": "SUSE Bug 1130262 for CVE-2019-9813",
"url": "https://bugzilla.suse.com/1130262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9813"
},
{
"cve": "CVE-2019-9814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9814"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 67.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9814",
"url": "https://www.suse.com/security/cve/CVE-2019-9814"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9814",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9814"
},
{
"cve": "CVE-2019-9815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9815"
}
],
"notes": [
{
"category": "general",
"text": "If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.5 in order to take advantage of this change.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9815",
"url": "https://www.suse.com/security/cve/CVE-2019-9815"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9815",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9815"
},
{
"cve": "CVE-2019-9816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9816"
}
],
"notes": [
{
"category": "general",
"text": "A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9816",
"url": "https://www.suse.com/security/cve/CVE-2019-9816"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9816",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9816"
},
{
"cve": "CVE-2019-9817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9817"
}
],
"notes": [
{
"category": "general",
"text": "Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9817",
"url": "https://www.suse.com/security/cve/CVE-2019-9817"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9817",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9817"
},
{
"cve": "CVE-2019-9818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9818"
}
],
"notes": [
{
"category": "general",
"text": "A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9818",
"url": "https://www.suse.com/security/cve/CVE-2019-9818"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9818",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9818"
},
{
"cve": "CVE-2019-9819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9819"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9819",
"url": "https://www.suse.com/security/cve/CVE-2019-9819"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9819",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9819"
},
{
"cve": "CVE-2019-9820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9820"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9820",
"url": "https://www.suse.com/security/cve/CVE-2019-9820"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9820",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9820"
},
{
"cve": "CVE-2019-9821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9821"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 67.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9821",
"url": "https://www.suse.com/security/cve/CVE-2019-9821"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9821",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9821"
},
{
"cve": "CVE-2020-12387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12387"
}
],
"notes": [
{
"category": "general",
"text": "A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 68.8, Firefox \u003c 76, and Thunderbird \u003c 68.8.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12387",
"url": "https://www.suse.com/security/cve/CVE-2020-12387"
},
{
"category": "external",
"summary": "SUSE Bug 1171186 for CVE-2020-12387",
"url": "https://bugzilla.suse.com/1171186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12387"
},
{
"cve": "CVE-2020-12388",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12388"
}
],
"notes": [
{
"category": "general",
"text": "The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR \u003c 68.8 and Firefox \u003c 76.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12388",
"url": "https://www.suse.com/security/cve/CVE-2020-12388"
},
{
"category": "external",
"summary": "SUSE Bug 1171186 for CVE-2020-12388",
"url": "https://bugzilla.suse.com/1171186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12388"
},
{
"cve": "CVE-2020-12389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12389"
}
],
"notes": [
{
"category": "general",
"text": "The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR \u003c 68.8 and Firefox \u003c 76.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12389",
"url": "https://www.suse.com/security/cve/CVE-2020-12389"
},
{
"category": "external",
"summary": "SUSE Bug 1171186 for CVE-2020-12389",
"url": "https://bugzilla.suse.com/1171186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12389"
},
{
"cve": "CVE-2020-12390",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12390"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox \u003c 76.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12390",
"url": "https://www.suse.com/security/cve/CVE-2020-12390"
},
{
"category": "external",
"summary": "SUSE Bug 1171186 for CVE-2020-12390",
"url": "https://bugzilla.suse.com/1171186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12390"
},
{
"cve": "CVE-2020-12391",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12391"
}
],
"notes": [
{
"category": "general",
"text": "Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox \u003c 76.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12391",
"url": "https://www.suse.com/security/cve/CVE-2020-12391"
},
{
"category": "external",
"summary": "SUSE Bug 1171186 for CVE-2020-12391",
"url": "https://bugzilla.suse.com/1171186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12391"
},
{
"cve": "CVE-2020-12392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12392"
}
],
"notes": [
{
"category": "general",
"text": "The \u0027Copy as cURL\u0027 feature of Devtools\u0027 network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the \u0027Copy as cURL\u0027 feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR \u003c 68.8, Firefox \u003c 76, and Thunderbird \u003c 68.8.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12392",
"url": "https://www.suse.com/security/cve/CVE-2020-12392"
},
{
"category": "external",
"summary": "SUSE Bug 1171186 for CVE-2020-12392",
"url": "https://bugzilla.suse.com/1171186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12392"
},
{
"cve": "CVE-2020-12393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12393"
}
],
"notes": [
{
"category": "general",
"text": "The \u0027Copy as cURL\u0027 feature of Devtools\u0027 network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the \u0027Copy as cURL\u0027 feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR \u003c 68.8, Firefox \u003c 76, and Thunderbird \u003c 68.8.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12393",
"url": "https://www.suse.com/security/cve/CVE-2020-12393"
},
{
"category": "external",
"summary": "SUSE Bug 1171186 for CVE-2020-12393",
"url": "https://bugzilla.suse.com/1171186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12393"
},
{
"cve": "CVE-2020-12394",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12394"
}
],
"notes": [
{
"category": "general",
"text": "A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element. This vulnerability affects Firefox \u003c 76.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12394",
"url": "https://www.suse.com/security/cve/CVE-2020-12394"
},
{
"category": "external",
"summary": "SUSE Bug 1171186 for CVE-2020-12394",
"url": "https://bugzilla.suse.com/1171186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12394"
},
{
"cve": "CVE-2020-12395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12395"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 68.8, Firefox \u003c 76, and Thunderbird \u003c 68.8.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12395",
"url": "https://www.suse.com/security/cve/CVE-2020-12395"
},
{
"category": "external",
"summary": "SUSE Bug 1171186 for CVE-2020-12395",
"url": "https://bugzilla.suse.com/1171186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12395"
},
{
"cve": "CVE-2020-12396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12396"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 76.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12396",
"url": "https://www.suse.com/security/cve/CVE-2020-12396"
},
{
"category": "external",
"summary": "SUSE Bug 1171186 for CVE-2020-12396",
"url": "https://bugzilla.suse.com/1171186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12396"
},
{
"cve": "CVE-2020-12399",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12399"
}
],
"notes": [
{
"category": "general",
"text": "NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird \u003c 68.9.0, Firefox \u003c 77, and Firefox ESR \u003c 68.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12399",
"url": "https://www.suse.com/security/cve/CVE-2020-12399"
},
{
"category": "external",
"summary": "SUSE Bug 1171978 for CVE-2020-12399",
"url": "https://bugzilla.suse.com/1171978"
},
{
"category": "external",
"summary": "SUSE Bug 1172402 for CVE-2020-12399",
"url": "https://bugzilla.suse.com/1172402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-12399"
},
{
"cve": "CVE-2020-12400",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12400"
}
],
"notes": [
{
"category": "general",
"text": "When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox \u003c 80 and Firefox for Android \u003c 80.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12400",
"url": "https://www.suse.com/security/cve/CVE-2020-12400"
},
{
"category": "external",
"summary": "SUSE Bug 1174763 for CVE-2020-12400",
"url": "https://bugzilla.suse.com/1174763"
},
{
"category": "external",
"summary": "SUSE Bug 1175686 for CVE-2020-12400",
"url": "https://bugzilla.suse.com/1175686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2020-12400"
},
{
"cve": "CVE-2020-12401",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12401"
}
],
"notes": [
{
"category": "general",
"text": "During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox \u003c 80 and Firefox for Android \u003c 80.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12401",
"url": "https://www.suse.com/security/cve/CVE-2020-12401"
},
{
"category": "external",
"summary": "SUSE Bug 1174763 for CVE-2020-12401",
"url": "https://bugzilla.suse.com/1174763"
},
{
"category": "external",
"summary": "SUSE Bug 1175686 for CVE-2020-12401",
"url": "https://bugzilla.suse.com/1175686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2020-12401"
},
{
"cve": "CVE-2020-12402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12402"
}
],
"notes": [
{
"category": "general",
"text": "During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox \u003c 78.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12402",
"url": "https://www.suse.com/security/cve/CVE-2020-12402"
},
{
"category": "external",
"summary": "SUSE Bug 1173032 for CVE-2020-12402",
"url": "https://bugzilla.suse.com/1173032"
},
{
"category": "external",
"summary": "SUSE Bug 1173576 for CVE-2020-12402",
"url": "https://bugzilla.suse.com/1173576"
},
{
"category": "external",
"summary": "SUSE Bug 1174230 for CVE-2020-12402",
"url": "https://bugzilla.suse.com/1174230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-12402"
},
{
"cve": "CVE-2020-12405",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12405"
}
],
"notes": [
{
"category": "general",
"text": "When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.9.0, Firefox \u003c 77, and Firefox ESR \u003c 68.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12405",
"url": "https://www.suse.com/security/cve/CVE-2020-12405"
},
{
"category": "external",
"summary": "SUSE Bug 1172402 for CVE-2020-12405",
"url": "https://bugzilla.suse.com/1172402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12405"
},
{
"cve": "CVE-2020-12406",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12406"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.9.0, Firefox \u003c 77, and Firefox ESR \u003c 68.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12406",
"url": "https://www.suse.com/security/cve/CVE-2020-12406"
},
{
"category": "external",
"summary": "SUSE Bug 1172402 for CVE-2020-12406",
"url": "https://bugzilla.suse.com/1172402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12406"
},
{
"cve": "CVE-2020-12407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12407"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content. This vulnerability affects Firefox \u003c 77.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12407",
"url": "https://www.suse.com/security/cve/CVE-2020-12407"
},
{
"category": "external",
"summary": "SUSE Bug 1172402 for CVE-2020-12407",
"url": "https://bugzilla.suse.com/1172402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12407"
},
{
"cve": "CVE-2020-12408",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12408"
}
],
"notes": [
{
"category": "general",
"text": "When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox \u003c 77.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12408",
"url": "https://www.suse.com/security/cve/CVE-2020-12408"
},
{
"category": "external",
"summary": "SUSE Bug 1172402 for CVE-2020-12408",
"url": "https://bugzilla.suse.com/1172402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12408"
},
{
"cve": "CVE-2020-12409",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12409"
}
],
"notes": [
{
"category": "general",
"text": "When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox \u003c 77.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12409",
"url": "https://www.suse.com/security/cve/CVE-2020-12409"
},
{
"category": "external",
"summary": "SUSE Bug 1172402 for CVE-2020-12409",
"url": "https://bugzilla.suse.com/1172402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12409"
},
{
"cve": "CVE-2020-12411",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12411"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 77.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12411",
"url": "https://www.suse.com/security/cve/CVE-2020-12411"
},
{
"category": "external",
"summary": "SUSE Bug 1172402 for CVE-2020-12411",
"url": "https://bugzilla.suse.com/1172402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12411"
},
{
"cve": "CVE-2020-12415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12415"
}
],
"notes": [
{
"category": "general",
"text": "When \"%2F\" was present in a manifest URL, Firefox\u0027s AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox \u003c 78.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12415",
"url": "https://www.suse.com/security/cve/CVE-2020-12415"
},
{
"category": "external",
"summary": "SUSE Bug 1173576 for CVE-2020-12415",
"url": "https://bugzilla.suse.com/1173576"
},
{
"category": "external",
"summary": "SUSE Bug 1174230 for CVE-2020-12415",
"url": "https://bugzilla.suse.com/1174230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12415"
},
{
"cve": "CVE-2020-12416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12416"
}
],
"notes": [
{
"category": "general",
"text": "A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 78.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12416",
"url": "https://www.suse.com/security/cve/CVE-2020-12416"
},
{
"category": "external",
"summary": "SUSE Bug 1173576 for CVE-2020-12416",
"url": "https://bugzilla.suse.com/1173576"
},
{
"category": "external",
"summary": "SUSE Bug 1174230 for CVE-2020-12416",
"url": "https://bugzilla.suse.com/1174230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12416"
},
{
"cve": "CVE-2020-12417",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12417"
}
],
"notes": [
{
"category": "general",
"text": "Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR \u003c 68.10, Firefox \u003c 78, and Thunderbird \u003c 68.10.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12417",
"url": "https://www.suse.com/security/cve/CVE-2020-12417"
},
{
"category": "external",
"summary": "SUSE Bug 1173576 for CVE-2020-12417",
"url": "https://bugzilla.suse.com/1173576"
},
{
"category": "external",
"summary": "SUSE Bug 1174230 for CVE-2020-12417",
"url": "https://bugzilla.suse.com/1174230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12417"
},
{
"cve": "CVE-2020-12418",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12418"
}
],
"notes": [
{
"category": "general",
"text": "Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR \u003c 68.10, Firefox \u003c 78, and Thunderbird \u003c 68.10.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12418",
"url": "https://www.suse.com/security/cve/CVE-2020-12418"
},
{
"category": "external",
"summary": "SUSE Bug 1173576 for CVE-2020-12418",
"url": "https://bugzilla.suse.com/1173576"
},
{
"category": "external",
"summary": "SUSE Bug 1174230 for CVE-2020-12418",
"url": "https://bugzilla.suse.com/1174230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12418"
},
{
"cve": "CVE-2020-12419",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12419"
}
],
"notes": [
{
"category": "general",
"text": "When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 68.10, Firefox \u003c 78, and Thunderbird \u003c 68.10.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12419",
"url": "https://www.suse.com/security/cve/CVE-2020-12419"
},
{
"category": "external",
"summary": "SUSE Bug 1173576 for CVE-2020-12419",
"url": "https://bugzilla.suse.com/1173576"
},
{
"category": "external",
"summary": "SUSE Bug 1174230 for CVE-2020-12419",
"url": "https://bugzilla.suse.com/1174230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12419"
},
{
"cve": "CVE-2020-12420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12420"
}
],
"notes": [
{
"category": "general",
"text": "When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 68.10, Firefox \u003c 78, and Thunderbird \u003c 68.10.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12420",
"url": "https://www.suse.com/security/cve/CVE-2020-12420"
},
{
"category": "external",
"summary": "SUSE Bug 1173576 for CVE-2020-12420",
"url": "https://bugzilla.suse.com/1173576"
},
{
"category": "external",
"summary": "SUSE Bug 1174230 for CVE-2020-12420",
"url": "https://bugzilla.suse.com/1174230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12420"
},
{
"cve": "CVE-2020-12421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12421"
}
],
"notes": [
{
"category": "general",
"text": "When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR \u003c 68.10, Firefox \u003c 78, and Thunderbird \u003c 68.10.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12421",
"url": "https://www.suse.com/security/cve/CVE-2020-12421"
},
{
"category": "external",
"summary": "SUSE Bug 1173576 for CVE-2020-12421",
"url": "https://bugzilla.suse.com/1173576"
},
{
"category": "external",
"summary": "SUSE Bug 1174230 for CVE-2020-12421",
"url": "https://bugzilla.suse.com/1174230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12421"
},
{
"cve": "CVE-2020-12422",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12422"
}
],
"notes": [
{
"category": "general",
"text": "In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 78.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12422",
"url": "https://www.suse.com/security/cve/CVE-2020-12422"
},
{
"category": "external",
"summary": "SUSE Bug 1173576 for CVE-2020-12422",
"url": "https://bugzilla.suse.com/1173576"
},
{
"category": "external",
"summary": "SUSE Bug 1174230 for CVE-2020-12422",
"url": "https://bugzilla.suse.com/1174230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12422"
},
{
"cve": "CVE-2020-12423",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12423"
}
],
"notes": [
{
"category": "general",
"text": "When the Windows DLL \"webauthn.dll\" was missing from the Operating System, and a malicious one was placed in a folder in the user\u0027s %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. *Note: This issue only affects the Windows operating system; other operating systems are unaffected.* This vulnerability affects Firefox \u003c 78.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12423",
"url": "https://www.suse.com/security/cve/CVE-2020-12423"
},
{
"category": "external",
"summary": "SUSE Bug 1173576 for CVE-2020-12423",
"url": "https://bugzilla.suse.com/1173576"
},
{
"category": "external",
"summary": "SUSE Bug 1174230 for CVE-2020-12423",
"url": "https://bugzilla.suse.com/1174230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12423"
},
{
"cve": "CVE-2020-12424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12424"
}
],
"notes": [
{
"category": "general",
"text": "When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox \u003c 78.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12424",
"url": "https://www.suse.com/security/cve/CVE-2020-12424"
},
{
"category": "external",
"summary": "SUSE Bug 1173576 for CVE-2020-12424",
"url": "https://bugzilla.suse.com/1173576"
},
{
"category": "external",
"summary": "SUSE Bug 1174230 for CVE-2020-12424",
"url": "https://bugzilla.suse.com/1174230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12424"
},
{
"cve": "CVE-2020-12425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12425"
}
],
"notes": [
{
"category": "general",
"text": "Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox \u003c 78.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12425",
"url": "https://www.suse.com/security/cve/CVE-2020-12425"
},
{
"category": "external",
"summary": "SUSE Bug 1173576 for CVE-2020-12425",
"url": "https://bugzilla.suse.com/1173576"
},
{
"category": "external",
"summary": "SUSE Bug 1174230 for CVE-2020-12425",
"url": "https://bugzilla.suse.com/1174230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12425"
},
{
"cve": "CVE-2020-12426",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12426"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 78.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12426",
"url": "https://www.suse.com/security/cve/CVE-2020-12426"
},
{
"category": "external",
"summary": "SUSE Bug 1173576 for CVE-2020-12426",
"url": "https://bugzilla.suse.com/1173576"
},
{
"category": "external",
"summary": "SUSE Bug 1174230 for CVE-2020-12426",
"url": "https://bugzilla.suse.com/1174230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12426"
},
{
"cve": "CVE-2020-15254",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15254"
}
],
"notes": [
{
"category": "general",
"text": "Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The destructor of the `bounded` channel reconstructs `Vec` from the raw pointer based on the incorrect assumes described above. This is unsound and causing deallocation with the incorrect capacity when `Vec::from_iter` has allocated different sizes with the number of iterator elements. This has been fixed in crossbeam-channel 0.4.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15254",
"url": "https://www.suse.com/security/cve/CVE-2020-15254"
},
{
"category": "external",
"summary": "SUSE Bug 1177872 for CVE-2020-15254",
"url": "https://bugzilla.suse.com/1177872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2020-15254"
},
{
"cve": "CVE-2020-15652",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15652"
}
],
"notes": [
{
"category": "general",
"text": "By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox \u003c 79, Firefox ESR \u003c 68.11, Firefox ESR \u003c 78.1, Thunderbird \u003c 68.11, and Thunderbird \u003c 78.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15652",
"url": "https://www.suse.com/security/cve/CVE-2020-15652"
},
{
"category": "external",
"summary": "SUSE Bug 1174538 for CVE-2020-15652",
"url": "https://bugzilla.suse.com/1174538"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15652"
},
{
"cve": "CVE-2020-15653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15653"
}
],
"notes": [
{
"category": "general",
"text": "An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR \u003c 78.1, Firefox \u003c 79, and Thunderbird \u003c 78.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15653",
"url": "https://www.suse.com/security/cve/CVE-2020-15653"
},
{
"category": "external",
"summary": "SUSE Bug 1174538 for CVE-2020-15653",
"url": "https://bugzilla.suse.com/1174538"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15653"
},
{
"cve": "CVE-2020-15654",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15654"
}
],
"notes": [
{
"category": "general",
"text": "When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR \u003c 78.1, Firefox \u003c 79, and Thunderbird \u003c 78.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15654",
"url": "https://www.suse.com/security/cve/CVE-2020-15654"
},
{
"category": "external",
"summary": "SUSE Bug 1174538 for CVE-2020-15654",
"url": "https://bugzilla.suse.com/1174538"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15654"
},
{
"cve": "CVE-2020-15655",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15655"
}
],
"notes": [
{
"category": "general",
"text": "A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR \u003c 78.1, Firefox \u003c 79, and Thunderbird \u003c 78.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15655",
"url": "https://www.suse.com/security/cve/CVE-2020-15655"
},
{
"category": "external",
"summary": "SUSE Bug 1174538 for CVE-2020-15655",
"url": "https://bugzilla.suse.com/1174538"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15655"
},
{
"cve": "CVE-2020-15656",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15656"
}
],
"notes": [
{
"category": "general",
"text": "JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR \u003c 78.1, Firefox \u003c 79, and Thunderbird \u003c 78.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15656",
"url": "https://www.suse.com/security/cve/CVE-2020-15656"
},
{
"category": "external",
"summary": "SUSE Bug 1174538 for CVE-2020-15656",
"url": "https://bugzilla.suse.com/1174538"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15656"
},
{
"cve": "CVE-2020-15657",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15657"
}
],
"notes": [
{
"category": "general",
"text": "Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR \u003c 78.1, Firefox \u003c 79, and Thunderbird \u003c 78.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15657",
"url": "https://www.suse.com/security/cve/CVE-2020-15657"
},
{
"category": "external",
"summary": "SUSE Bug 1174538 for CVE-2020-15657",
"url": "https://bugzilla.suse.com/1174538"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15657"
},
{
"cve": "CVE-2020-15658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15658"
}
],
"notes": [
{
"category": "general",
"text": "The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR \u003c 78.1, Firefox \u003c 79, and Thunderbird \u003c 78.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15658",
"url": "https://www.suse.com/security/cve/CVE-2020-15658"
},
{
"category": "external",
"summary": "SUSE Bug 1174538 for CVE-2020-15658",
"url": "https://bugzilla.suse.com/1174538"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15658"
},
{
"cve": "CVE-2020-15659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15659"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 79, Firefox ESR \u003c 68.11, Firefox ESR \u003c 78.1, Thunderbird \u003c 68.11, and Thunderbird \u003c 78.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15659",
"url": "https://www.suse.com/security/cve/CVE-2020-15659"
},
{
"category": "external",
"summary": "SUSE Bug 1174538 for CVE-2020-15659",
"url": "https://bugzilla.suse.com/1174538"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15659"
},
{
"cve": "CVE-2020-15663",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15663"
}
],
"notes": [
{
"category": "general",
"text": "If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 80, Thunderbird \u003c 78.2, Thunderbird \u003c 68.12, Firefox ESR \u003c 68.12, and Firefox ESR \u003c 78.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15663",
"url": "https://www.suse.com/security/cve/CVE-2020-15663"
},
{
"category": "external",
"summary": "SUSE Bug 1175686 for CVE-2020-15663",
"url": "https://bugzilla.suse.com/1175686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15663"
},
{
"cve": "CVE-2020-15664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15664"
}
],
"notes": [
{
"category": "general",
"text": "By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox \u003c 80, Thunderbird \u003c 78.2, Thunderbird \u003c 68.12, Firefox ESR \u003c 68.12, Firefox ESR \u003c 78.2, and Firefox for Android \u003c 80.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15664",
"url": "https://www.suse.com/security/cve/CVE-2020-15664"
},
{
"category": "external",
"summary": "SUSE Bug 1175686 for CVE-2020-15664",
"url": "https://bugzilla.suse.com/1175686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15664"
},
{
"cve": "CVE-2020-15665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15665"
}
],
"notes": [
{
"category": "general",
"text": "Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox \u003c 80.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15665",
"url": "https://www.suse.com/security/cve/CVE-2020-15665"
},
{
"category": "external",
"summary": "SUSE Bug 1175686 for CVE-2020-15665",
"url": "https://bugzilla.suse.com/1175686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15665"
},
{
"cve": "CVE-2020-15666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15666"
}
],
"notes": [
{
"category": "general",
"text": "When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status to services or device discovery on a local network among other attacks. This vulnerability affects Firefox \u003c 80 and Firefox for Android \u003c 80.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15666",
"url": "https://www.suse.com/security/cve/CVE-2020-15666"
},
{
"category": "external",
"summary": "SUSE Bug 1175686 for CVE-2020-15666",
"url": "https://bugzilla.suse.com/1175686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15666"
},
{
"cve": "CVE-2020-15667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15667"
}
],
"notes": [
{
"category": "general",
"text": "When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox \u003c 80.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15667",
"url": "https://www.suse.com/security/cve/CVE-2020-15667"
},
{
"category": "external",
"summary": "SUSE Bug 1175686 for CVE-2020-15667",
"url": "https://bugzilla.suse.com/1175686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15667"
},
{
"cve": "CVE-2020-15668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15668"
}
],
"notes": [
{
"category": "general",
"text": "A lock was missing when accessing a data structure and importing certificate information into the trust database. This vulnerability affects Firefox \u003c 80 and Firefox for Android \u003c 80.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15668",
"url": "https://www.suse.com/security/cve/CVE-2020-15668"
},
{
"category": "external",
"summary": "SUSE Bug 1175686 for CVE-2020-15668",
"url": "https://bugzilla.suse.com/1175686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15668"
},
{
"cve": "CVE-2020-15670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15670"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 80, Firefox ESR \u003c 78.2, Thunderbird \u003c 78.2, and Firefox for Android \u003c 80.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15670",
"url": "https://www.suse.com/security/cve/CVE-2020-15670"
},
{
"category": "external",
"summary": "SUSE Bug 1175686 for CVE-2020-15670",
"url": "https://bugzilla.suse.com/1175686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15670"
},
{
"cve": "CVE-2020-15673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15673"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 81, Thunderbird \u003c 78.3, and Firefox ESR \u003c 78.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15673",
"url": "https://www.suse.com/security/cve/CVE-2020-15673"
},
{
"category": "external",
"summary": "SUSE Bug 1176756 for CVE-2020-15673",
"url": "https://bugzilla.suse.com/1176756"
},
{
"category": "external",
"summary": "SUSE Bug 1176899 for CVE-2020-15673",
"url": "https://bugzilla.suse.com/1176899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15673"
},
{
"cve": "CVE-2020-15674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15674"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 81.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15674",
"url": "https://www.suse.com/security/cve/CVE-2020-15674"
},
{
"category": "external",
"summary": "SUSE Bug 1176756 for CVE-2020-15674",
"url": "https://bugzilla.suse.com/1176756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15674"
},
{
"cve": "CVE-2020-15675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15675"
}
],
"notes": [
{
"category": "general",
"text": "When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox \u003c 81.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15675",
"url": "https://www.suse.com/security/cve/CVE-2020-15675"
},
{
"category": "external",
"summary": "SUSE Bug 1176756 for CVE-2020-15675",
"url": "https://bugzilla.suse.com/1176756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15675"
},
{
"cve": "CVE-2020-15676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15676"
}
],
"notes": [
{
"category": "general",
"text": "Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox \u003c 81, Thunderbird \u003c 78.3, and Firefox ESR \u003c 78.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15676",
"url": "https://www.suse.com/security/cve/CVE-2020-15676"
},
{
"category": "external",
"summary": "SUSE Bug 1176756 for CVE-2020-15676",
"url": "https://bugzilla.suse.com/1176756"
},
{
"category": "external",
"summary": "SUSE Bug 1176899 for CVE-2020-15676",
"url": "https://bugzilla.suse.com/1176899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15676"
},
{
"cve": "CVE-2020-15677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15677"
}
],
"notes": [
{
"category": "general",
"text": "By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox \u003c 81, Thunderbird \u003c 78.3, and Firefox ESR \u003c 78.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15677",
"url": "https://www.suse.com/security/cve/CVE-2020-15677"
},
{
"category": "external",
"summary": "SUSE Bug 1176756 for CVE-2020-15677",
"url": "https://bugzilla.suse.com/1176756"
},
{
"category": "external",
"summary": "SUSE Bug 1176899 for CVE-2020-15677",
"url": "https://bugzilla.suse.com/1176899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15677"
},
{
"cve": "CVE-2020-15678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15678"
}
],
"notes": [
{
"category": "general",
"text": "When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox \u003c 81, Thunderbird \u003c 78.3, and Firefox ESR \u003c 78.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15678",
"url": "https://www.suse.com/security/cve/CVE-2020-15678"
},
{
"category": "external",
"summary": "SUSE Bug 1176756 for CVE-2020-15678",
"url": "https://bugzilla.suse.com/1176756"
},
{
"category": "external",
"summary": "SUSE Bug 1176899 for CVE-2020-15678",
"url": "https://bugzilla.suse.com/1176899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15678"
},
{
"cve": "CVE-2020-15680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15680"
}
],
"notes": [
{
"category": "general",
"text": "If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was registered. This vulnerability affects Firefox \u003c 82.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15680",
"url": "https://www.suse.com/security/cve/CVE-2020-15680"
},
{
"category": "external",
"summary": "SUSE Bug 1177872 for CVE-2020-15680",
"url": "https://bugzilla.suse.com/1177872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15680"
},
{
"cve": "CVE-2020-15681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15681"
}
],
"notes": [
{
"category": "general",
"text": "When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another\u0027s entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox \u003c 82.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15681",
"url": "https://www.suse.com/security/cve/CVE-2020-15681"
},
{
"category": "external",
"summary": "SUSE Bug 1177872 for CVE-2020-15681",
"url": "https://bugzilla.suse.com/1177872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15681"
},
{
"cve": "CVE-2020-15682",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15682"
}
],
"notes": [
{
"category": "general",
"text": "When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn\u0027t control, resulting in a spoofing attack. This was fixed by changing external protocol prompts to be tab-modal while also ensuring they could not be incorrectly associated with a different origin. This vulnerability affects Firefox \u003c 82.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15682",
"url": "https://www.suse.com/security/cve/CVE-2020-15682"
},
{
"category": "external",
"summary": "SUSE Bug 1177872 for CVE-2020-15682",
"url": "https://bugzilla.suse.com/1177872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15682"
},
{
"cve": "CVE-2020-15683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15683"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 78.4, Firefox \u003c 82, and Thunderbird \u003c 78.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15683",
"url": "https://www.suse.com/security/cve/CVE-2020-15683"
},
{
"category": "external",
"summary": "SUSE Bug 1177872 for CVE-2020-15683",
"url": "https://bugzilla.suse.com/1177872"
},
{
"category": "external",
"summary": "SUSE Bug 1177977 for CVE-2020-15683",
"url": "https://bugzilla.suse.com/1177977"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15683"
},
{
"cve": "CVE-2020-15684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15684"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 82.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15684",
"url": "https://www.suse.com/security/cve/CVE-2020-15684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15684"
},
{
"cve": "CVE-2020-15969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15969"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15969",
"url": "https://www.suse.com/security/cve/CVE-2020-15969"
},
{
"category": "external",
"summary": "SUSE Bug 1177408 for CVE-2020-15969",
"url": "https://bugzilla.suse.com/1177408"
},
{
"category": "external",
"summary": "SUSE Bug 1177872 for CVE-2020-15969",
"url": "https://bugzilla.suse.com/1177872"
},
{
"category": "external",
"summary": "SUSE Bug 1177977 for CVE-2020-15969",
"url": "https://bugzilla.suse.com/1177977"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15969"
},
{
"cve": "CVE-2020-15999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15999"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15999",
"url": "https://www.suse.com/security/cve/CVE-2020-15999"
},
{
"category": "external",
"summary": "SUSE Bug 1177914 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1177914"
},
{
"category": "external",
"summary": "SUSE Bug 1177936 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1177936"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15999"
},
{
"cve": "CVE-2020-16012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-16012"
}
],
"notes": [
{
"category": "general",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-16012",
"url": "https://www.suse.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-16012",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-16012",
"url": "https://bugzilla.suse.com/1178894"
},
{
"category": "external",
"summary": "SUSE Bug 1178923 for CVE-2020-16012",
"url": "https://bugzilla.suse.com/1178923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-16012"
},
{
"cve": "CVE-2020-16042",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-16042"
}
],
"notes": [
{
"category": "general",
"text": "Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-16042",
"url": "https://www.suse.com/security/cve/CVE-2020-16042"
},
{
"category": "external",
"summary": "SUSE Bug 1179576 for CVE-2020-16042",
"url": "https://bugzilla.suse.com/1179576"
},
{
"category": "external",
"summary": "SUSE Bug 1180039 for CVE-2020-16042",
"url": "https://bugzilla.suse.com/1180039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-16042"
},
{
"cve": "CVE-2020-16044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-16044"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-16044",
"url": "https://www.suse.com/security/cve/CVE-2020-16044"
},
{
"category": "external",
"summary": "SUSE Bug 1180623 for CVE-2020-16044",
"url": "https://bugzilla.suse.com/1180623"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2020-16044",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-16044"
},
{
"cve": "CVE-2020-26950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26950"
}
],
"notes": [
{
"category": "general",
"text": "In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox \u003c 82.0.3, Firefox ESR \u003c 78.4.1, and Thunderbird \u003c 78.4.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26950",
"url": "https://www.suse.com/security/cve/CVE-2020-26950"
},
{
"category": "external",
"summary": "SUSE Bug 1177872 for CVE-2020-26950",
"url": "https://bugzilla.suse.com/1177872"
},
{
"category": "external",
"summary": "SUSE Bug 1178588 for CVE-2020-26950",
"url": "https://bugzilla.suse.com/1178588"
},
{
"category": "external",
"summary": "SUSE Bug 1178611 for CVE-2020-26950",
"url": "https://bugzilla.suse.com/1178611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26950"
},
{
"cve": "CVE-2020-26951",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26951"
}
],
"notes": [
{
"category": "general",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26951",
"url": "https://www.suse.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26951",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26951",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26951"
},
{
"cve": "CVE-2020-26952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26952"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox \u003c 83.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26952",
"url": "https://www.suse.com/security/cve/CVE-2020-26952"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26952",
"url": "https://bugzilla.suse.com/1178824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26952"
},
{
"cve": "CVE-2020-26953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26953"
}
],
"notes": [
{
"category": "general",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26953",
"url": "https://www.suse.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26953",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26953",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26953"
},
{
"cve": "CVE-2020-26954",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26954"
}
],
"notes": [
{
"category": "general",
"text": "When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 83.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26954",
"url": "https://www.suse.com/security/cve/CVE-2020-26954"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26954",
"url": "https://bugzilla.suse.com/1178824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-26954"
},
{
"cve": "CVE-2020-26955",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26955"
}
],
"notes": [
{
"category": "general",
"text": "When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original and subsequent request were in private and non-private browsing modes. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 83.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26955",
"url": "https://www.suse.com/security/cve/CVE-2020-26955"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26955",
"url": "https://bugzilla.suse.com/1178824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-26955"
},
{
"cve": "CVE-2020-26956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26956"
}
],
"notes": [
{
"category": "general",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26956",
"url": "https://www.suse.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26956",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26956",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26956"
},
{
"cve": "CVE-2020-26957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26957"
}
],
"notes": [
{
"category": "general",
"text": "OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 83.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26957",
"url": "https://www.suse.com/security/cve/CVE-2020-26957"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26957",
"url": "https://bugzilla.suse.com/1178824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-26957"
},
{
"cve": "CVE-2020-26958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26958"
}
],
"notes": [
{
"category": "general",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26958",
"url": "https://www.suse.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26958",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26958",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26958"
},
{
"cve": "CVE-2020-26959",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26959"
}
],
"notes": [
{
"category": "general",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26959",
"url": "https://www.suse.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26959",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26959",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26959"
},
{
"cve": "CVE-2020-26960",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26960"
}
],
"notes": [
{
"category": "general",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26960",
"url": "https://www.suse.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26960",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26960",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26960"
},
{
"cve": "CVE-2020-26961",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26961"
}
],
"notes": [
{
"category": "general",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26961",
"url": "https://www.suse.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26961",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26961",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26961"
},
{
"cve": "CVE-2020-26962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26962"
}
],
"notes": [
{
"category": "general",
"text": "Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox \u003c 83.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26962",
"url": "https://www.suse.com/security/cve/CVE-2020-26962"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26962",
"url": "https://bugzilla.suse.com/1178824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26962"
},
{
"cve": "CVE-2020-26963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26963"
}
],
"notes": [
{
"category": "general",
"text": "Repeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limiting to these API calls. This vulnerability affects Firefox \u003c 83.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26963",
"url": "https://www.suse.com/security/cve/CVE-2020-26963"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26963",
"url": "https://bugzilla.suse.com/1178824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26963"
},
{
"cve": "CVE-2020-26964",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26964"
}
],
"notes": [
{
"category": "general",
"text": "If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privileges of the browser to read and interact with web content. The feature was implemented as a unix domain socket, protected by the Android SELinux policy; however, SELinux was not enforced for versions prior to 6.0. This was fixed by removing the Remote Debugging via USB feature from affected devices. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 83.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26964",
"url": "https://www.suse.com/security/cve/CVE-2020-26964"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26964",
"url": "https://bugzilla.suse.com/1178824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-26964"
},
{
"cve": "CVE-2020-26965",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26965"
}
],
"notes": [
{
"category": "general",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26965",
"url": "https://www.suse.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26965",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26965",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26965"
},
{
"cve": "CVE-2020-26966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26966"
}
],
"notes": [
{
"category": "general",
"text": "Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26966",
"url": "https://www.suse.com/security/cve/CVE-2020-26966"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26966",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26966",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26966"
},
{
"cve": "CVE-2020-26967",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26967"
}
],
"notes": [
{
"category": "general",
"text": "When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code. This vulnerability affects Firefox \u003c 83.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26967",
"url": "https://www.suse.com/security/cve/CVE-2020-26967"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26967",
"url": "https://bugzilla.suse.com/1178824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26967"
},
{
"cve": "CVE-2020-26968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26968"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26968",
"url": "https://www.suse.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26968",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26968",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26968"
},
{
"cve": "CVE-2020-26969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26969"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26969",
"url": "https://www.suse.com/security/cve/CVE-2020-26969"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26969",
"url": "https://bugzilla.suse.com/1178824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26969"
},
{
"cve": "CVE-2020-26971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26971"
}
],
"notes": [
{
"category": "general",
"text": "Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox \u003c 84, Thunderbird \u003c 78.6, and Firefox ESR \u003c 78.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26971",
"url": "https://www.suse.com/security/cve/CVE-2020-26971"
},
{
"category": "external",
"summary": "SUSE Bug 1180039 for CVE-2020-26971",
"url": "https://bugzilla.suse.com/1180039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26971"
},
{
"cve": "CVE-2020-26972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26972"
}
],
"notes": [
{
"category": "general",
"text": "The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check was omitted in WebGL, resulting in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox \u003c 84.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26972",
"url": "https://www.suse.com/security/cve/CVE-2020-26972"
},
{
"category": "external",
"summary": "SUSE Bug 1180039 for CVE-2020-26972",
"url": "https://bugzilla.suse.com/1180039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26972"
},
{
"cve": "CVE-2020-26973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26973"
}
],
"notes": [
{
"category": "general",
"text": "Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox \u003c 84, Thunderbird \u003c 78.6, and Firefox ESR \u003c 78.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26973",
"url": "https://www.suse.com/security/cve/CVE-2020-26973"
},
{
"category": "external",
"summary": "SUSE Bug 1180039 for CVE-2020-26973",
"url": "https://bugzilla.suse.com/1180039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26973"
},
{
"cve": "CVE-2020-26974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26974"
}
],
"notes": [
{
"category": "general",
"text": "When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 84, Thunderbird \u003c 78.6, and Firefox ESR \u003c 78.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26974",
"url": "https://www.suse.com/security/cve/CVE-2020-26974"
},
{
"category": "external",
"summary": "SUSE Bug 1180039 for CVE-2020-26974",
"url": "https://bugzilla.suse.com/1180039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26974"
},
{
"cve": "CVE-2020-26975",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26975"
}
],
"notes": [
{
"category": "general",
"text": "When a malicious application installed on the user\u0027s device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed headers. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 84.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26975",
"url": "https://www.suse.com/security/cve/CVE-2020-26975"
},
{
"category": "external",
"summary": "SUSE Bug 1180039 for CVE-2020-26975",
"url": "https://bugzilla.suse.com/1180039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26975"
},
{
"cve": "CVE-2020-26976",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26976"
}
],
"notes": [
{
"category": "general",
"text": "When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox \u003c 84.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26976",
"url": "https://www.suse.com/security/cve/CVE-2020-26976"
},
{
"category": "external",
"summary": "SUSE Bug 1180039 for CVE-2020-26976",
"url": "https://bugzilla.suse.com/1180039"
},
{
"category": "external",
"summary": "SUSE Bug 1181414 for CVE-2020-26976",
"url": "https://bugzilla.suse.com/1181414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26976"
},
{
"cve": "CVE-2020-26977",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26977"
}
],
"notes": [
{
"category": "general",
"text": "By attempting to connect a website using an unresponsive port, an attacker could have controlled the content of a tab while the URL bar displayed the original domain. *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 84.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26977",
"url": "https://www.suse.com/security/cve/CVE-2020-26977"
},
{
"category": "external",
"summary": "SUSE Bug 1180039 for CVE-2020-26977",
"url": "https://bugzilla.suse.com/1180039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26977"
},
{
"cve": "CVE-2020-26978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26978"
}
],
"notes": [
{
"category": "general",
"text": "Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network\u0027s hosts as well as services running on the user\u0027s local machine. This vulnerability affects Firefox \u003c 84, Thunderbird \u003c 78.6, and Firefox ESR \u003c 78.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26978",
"url": "https://www.suse.com/security/cve/CVE-2020-26978"
},
{
"category": "external",
"summary": "SUSE Bug 1180039 for CVE-2020-26978",
"url": "https://bugzilla.suse.com/1180039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26978"
},
{
"cve": "CVE-2020-26979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26979"
}
],
"notes": [
{
"category": "general",
"text": "When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the desired, entered address. To construct a convincing spoof the attacker would have had to guess what the user was typing, perhaps by suggesting it. This vulnerability affects Firefox \u003c 84.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26979",
"url": "https://www.suse.com/security/cve/CVE-2020-26979"
},
{
"category": "external",
"summary": "SUSE Bug 1180039 for CVE-2020-26979",
"url": "https://bugzilla.suse.com/1180039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26979"
},
{
"cve": "CVE-2020-35111",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35111"
}
],
"notes": [
{
"category": "general",
"text": "When an extension with the proxy permission registered to receive \u003call_urls\u003e, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox \u003c 84, Thunderbird \u003c 78.6, and Firefox ESR \u003c 78.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35111",
"url": "https://www.suse.com/security/cve/CVE-2020-35111"
},
{
"category": "external",
"summary": "SUSE Bug 1180039 for CVE-2020-35111",
"url": "https://bugzilla.suse.com/1180039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-35111"
},
{
"cve": "CVE-2020-35112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35112"
}
],
"notes": [
{
"category": "general",
"text": "If a user downloaded a file lacking an extension on Windows, and then \"Open\"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 84, Thunderbird \u003c 78.6, and Firefox ESR \u003c 78.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35112",
"url": "https://www.suse.com/security/cve/CVE-2020-35112"
},
{
"category": "external",
"summary": "SUSE Bug 1180039 for CVE-2020-35112",
"url": "https://bugzilla.suse.com/1180039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-35112"
},
{
"cve": "CVE-2020-35113",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35113"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 84, Thunderbird \u003c 78.6, and Firefox ESR \u003c 78.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35113",
"url": "https://www.suse.com/security/cve/CVE-2020-35113"
},
{
"category": "external",
"summary": "SUSE Bug 1180039 for CVE-2020-35113",
"url": "https://bugzilla.suse.com/1180039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-35113"
},
{
"cve": "CVE-2020-35114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35114"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 84.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35114",
"url": "https://www.suse.com/security/cve/CVE-2020-35114"
},
{
"category": "external",
"summary": "SUSE Bug 1180039 for CVE-2020-35114",
"url": "https://bugzilla.suse.com/1180039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-35114"
},
{
"cve": "CVE-2020-6463",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6463"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6463",
"url": "https://www.suse.com/security/cve/CVE-2020-6463"
},
{
"category": "external",
"summary": "SUSE Bug 1171975 for CVE-2020-6463",
"url": "https://bugzilla.suse.com/1171975"
},
{
"category": "external",
"summary": "SUSE Bug 1174538 for CVE-2020-6463",
"url": "https://bugzilla.suse.com/1174538"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-6463"
},
{
"cve": "CVE-2020-6514",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6514"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6514",
"url": "https://www.suse.com/security/cve/CVE-2020-6514"
},
{
"category": "external",
"summary": "SUSE Bug 1174189 for CVE-2020-6514",
"url": "https://bugzilla.suse.com/1174189"
},
{
"category": "external",
"summary": "SUSE Bug 1174538 for CVE-2020-6514",
"url": "https://bugzilla.suse.com/1174538"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6514"
},
{
"cve": "CVE-2020-6796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6796"
}
],
"notes": [
{
"category": "general",
"text": "A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox \u003c 73 and Firefox \u003c ESR68.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6796",
"url": "https://www.suse.com/security/cve/CVE-2020-6796"
},
{
"category": "external",
"summary": "SUSE Bug 1163368 for CVE-2020-6796",
"url": "https://bugzilla.suse.com/1163368"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6796"
},
{
"cve": "CVE-2020-6797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6797"
}
],
"notes": [
{
"category": "general",
"text": "By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user\u0027s computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact. Note: this issue only occurs on Mac OSX. Other operating systems are unaffected. This vulnerability affects Thunderbird \u003c 68.5, Firefox \u003c 73, and Firefox \u003c ESR68.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6797",
"url": "https://www.suse.com/security/cve/CVE-2020-6797"
},
{
"category": "external",
"summary": "SUSE Bug 1163368 for CVE-2020-6797",
"url": "https://bugzilla.suse.com/1163368"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6797"
},
{
"cve": "CVE-2020-6798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6798"
}
],
"notes": [
{
"category": "general",
"text": "If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in browser or browser-like contexts. This vulnerability affects Thunderbird \u003c 68.5, Firefox \u003c 73, and Firefox \u003c ESR68.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6798",
"url": "https://www.suse.com/security/cve/CVE-2020-6798"
},
{
"category": "external",
"summary": "SUSE Bug 1163368 for CVE-2020-6798",
"url": "https://bugzilla.suse.com/1163368"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6798"
},
{
"cve": "CVE-2020-6799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6799"
}
],
"notes": [
{
"category": "general",
"text": "Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that insufficiently sanitized URL data. In that situation, clicking a link in the third party application could have been used to retrieve and execute files whose location was supplied through command line arguments. Note: This issue only affects Windows operating systems and when Firefox is configured as the default handler for non-default filetypes. Other operating systems are unaffected. This vulnerability affects Firefox \u003c 73 and Firefox \u003c ESR68.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6799",
"url": "https://www.suse.com/security/cve/CVE-2020-6799"
},
{
"category": "external",
"summary": "SUSE Bug 1163368 for CVE-2020-6799",
"url": "https://bugzilla.suse.com/1163368"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6799"
},
{
"cve": "CVE-2020-6800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6800"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. This vulnerability affects Thunderbird \u003c 68.5, Firefox \u003c 73, and Firefox \u003c ESR68.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6800",
"url": "https://www.suse.com/security/cve/CVE-2020-6800"
},
{
"category": "external",
"summary": "SUSE Bug 1163368 for CVE-2020-6800",
"url": "https://bugzilla.suse.com/1163368"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6800"
},
{
"cve": "CVE-2020-6801",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6801"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 72. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 73.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6801",
"url": "https://www.suse.com/security/cve/CVE-2020-6801"
},
{
"category": "external",
"summary": "SUSE Bug 1163368 for CVE-2020-6801",
"url": "https://bugzilla.suse.com/1163368"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6801"
},
{
"cve": "CVE-2020-6805",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6805"
}
],
"notes": [
{
"category": "general",
"text": "When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.6, Firefox \u003c 74, Firefox \u003c ESR68.6, and Firefox ESR \u003c 68.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6805",
"url": "https://www.suse.com/security/cve/CVE-2020-6805"
},
{
"category": "external",
"summary": "SUSE Bug 1166238 for CVE-2020-6805",
"url": "https://bugzilla.suse.com/1166238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6805"
},
{
"cve": "CVE-2020-6806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6806"
}
],
"notes": [
{
"category": "general",
"text": "By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.6, Firefox \u003c 74, Firefox \u003c ESR68.6, and Firefox ESR \u003c 68.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6806",
"url": "https://www.suse.com/security/cve/CVE-2020-6806"
},
{
"category": "external",
"summary": "SUSE Bug 1166238 for CVE-2020-6806",
"url": "https://bugzilla.suse.com/1166238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6806"
},
{
"cve": "CVE-2020-6807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6807"
}
],
"notes": [
{
"category": "general",
"text": "When a device was changed while a stream was about to be destroyed, the \u003ccode\u003estream-reinit\u003c/code\u003e task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.6, Firefox \u003c 74, Firefox \u003c ESR68.6, and Firefox ESR \u003c 68.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6807",
"url": "https://www.suse.com/security/cve/CVE-2020-6807"
},
{
"category": "external",
"summary": "SUSE Bug 1166238 for CVE-2020-6807",
"url": "https://bugzilla.suse.com/1166238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6807"
},
{
"cve": "CVE-2020-6808",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6808"
}
],
"notes": [
{
"category": "general",
"text": "When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document\u0027s URL (as reported by the document.location property, for example) was the originating javascript: URL which could lead to spoofing attacks; it is now correctly the URL of the originating document. This vulnerability affects Firefox \u003c 74.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6808",
"url": "https://www.suse.com/security/cve/CVE-2020-6808"
},
{
"category": "external",
"summary": "SUSE Bug 1166238 for CVE-2020-6808",
"url": "https://bugzilla.suse.com/1166238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6808"
},
{
"cve": "CVE-2020-6809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6809"
}
],
"notes": [
{
"category": "general",
"text": "When a Web Extension had the all-urls permission and made a fetch request with a mode set to \u0027same-origin\u0027, it was possible for the Web Extension to read local files. This vulnerability affects Firefox \u003c 74.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6809",
"url": "https://www.suse.com/security/cve/CVE-2020-6809"
},
{
"category": "external",
"summary": "SUSE Bug 1166238 for CVE-2020-6809",
"url": "https://bugzilla.suse.com/1166238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6809"
},
{
"cve": "CVE-2020-6810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6810"
}
],
"notes": [
{
"category": "general",
"text": "After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user about the current origin of the page and credential theft or other attacks. This vulnerability affects Firefox \u003c 74.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6810",
"url": "https://www.suse.com/security/cve/CVE-2020-6810"
},
{
"category": "external",
"summary": "SUSE Bug 1166238 for CVE-2020-6810",
"url": "https://bugzilla.suse.com/1166238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6810"
},
{
"cve": "CVE-2020-6811",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6811"
}
],
"notes": [
{
"category": "general",
"text": "The \u0027Copy as cURL\u0027 feature of Devtools\u0027 network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the \u0027Copy as Curl\u0027 feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. This vulnerability affects Thunderbird \u003c 68.6, Firefox \u003c 74, Firefox \u003c ESR68.6, and Firefox ESR \u003c 68.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6811",
"url": "https://www.suse.com/security/cve/CVE-2020-6811"
},
{
"category": "external",
"summary": "SUSE Bug 1166238 for CVE-2020-6811",
"url": "https://bugzilla.suse.com/1166238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6811"
},
{
"cve": "CVE-2020-6812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6812"
}
],
"notes": [
{
"category": "general",
"text": "The first time AirPods are connected to an iPhone, they become named after the user\u0027s name by default (e.g. Jane Doe\u0027s AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user\u0027s name. To resolve this issue, Firefox added a special case that renames devices containing the substring \u0027AirPods\u0027 to simply \u0027AirPods\u0027. This vulnerability affects Thunderbird \u003c 68.6, Firefox \u003c 74, Firefox \u003c ESR68.6, and Firefox ESR \u003c 68.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6812",
"url": "https://www.suse.com/security/cve/CVE-2020-6812"
},
{
"category": "external",
"summary": "SUSE Bug 1166238 for CVE-2020-6812",
"url": "https://bugzilla.suse.com/1166238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6812"
},
{
"cve": "CVE-2020-6813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6813"
}
],
"notes": [
{
"category": "general",
"text": "When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox \u003c 74.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6813",
"url": "https://www.suse.com/security/cve/CVE-2020-6813"
},
{
"category": "external",
"summary": "SUSE Bug 1166238 for CVE-2020-6813",
"url": "https://bugzilla.suse.com/1166238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6813"
},
{
"cve": "CVE-2020-6814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6814"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.6, Firefox \u003c 74, Firefox \u003c ESR68.6, and Firefox ESR \u003c 68.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6814",
"url": "https://www.suse.com/security/cve/CVE-2020-6814"
},
{
"category": "external",
"summary": "SUSE Bug 1166238 for CVE-2020-6814",
"url": "https://bugzilla.suse.com/1166238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6814"
},
{
"cve": "CVE-2020-6815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6815"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 74.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6815",
"url": "https://www.suse.com/security/cve/CVE-2020-6815"
},
{
"category": "external",
"summary": "SUSE Bug 1166238 for CVE-2020-6815",
"url": "https://bugzilla.suse.com/1166238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6815"
},
{
"cve": "CVE-2020-6819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6819"
}
],
"notes": [
{
"category": "general",
"text": "Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird \u003c 68.7.0, Firefox \u003c 74.0.1, and Firefox ESR \u003c 68.6.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6819",
"url": "https://www.suse.com/security/cve/CVE-2020-6819"
},
{
"category": "external",
"summary": "SUSE Bug 1168630 for CVE-2020-6819",
"url": "https://bugzilla.suse.com/1168630"
},
{
"category": "external",
"summary": "SUSE Bug 1168874 for CVE-2020-6819",
"url": "https://bugzilla.suse.com/1168874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6819"
},
{
"cve": "CVE-2020-6820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6820"
}
],
"notes": [
{
"category": "general",
"text": "Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird \u003c 68.7.0, Firefox \u003c 74.0.1, and Firefox ESR \u003c 68.6.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6820",
"url": "https://www.suse.com/security/cve/CVE-2020-6820"
},
{
"category": "external",
"summary": "SUSE Bug 1168630 for CVE-2020-6820",
"url": "https://bugzilla.suse.com/1168630"
},
{
"category": "external",
"summary": "SUSE Bug 1168874 for CVE-2020-6820",
"url": "https://bugzilla.suse.com/1168874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6820"
},
{
"cve": "CVE-2020-6821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6821"
}
],
"notes": [
{
"category": "general",
"text": "When reading from areas partially or fully outside the source resource with WebGL\u0027s \u003ccode\u003ecopyTexSubImage\u003c/code\u003e method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird \u003c 68.7.0, Firefox ESR \u003c 68.7, and Firefox \u003c 75.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6821",
"url": "https://www.suse.com/security/cve/CVE-2020-6821"
},
{
"category": "external",
"summary": "SUSE Bug 1168630 for CVE-2020-6821",
"url": "https://bugzilla.suse.com/1168630"
},
{
"category": "external",
"summary": "SUSE Bug 1168874 for CVE-2020-6821",
"url": "https://bugzilla.suse.com/1168874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6821"
},
{
"cve": "CVE-2020-6822",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6822"
}
],
"notes": [
{
"category": "general",
"text": "On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in \u003ccode\u003eGMPDecodeData\u003c/code\u003e. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.7.0, Firefox ESR \u003c 68.7, and Firefox \u003c 75.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6822",
"url": "https://www.suse.com/security/cve/CVE-2020-6822"
},
{
"category": "external",
"summary": "SUSE Bug 1168630 for CVE-2020-6822",
"url": "https://bugzilla.suse.com/1168630"
},
{
"category": "external",
"summary": "SUSE Bug 1168874 for CVE-2020-6822",
"url": "https://bugzilla.suse.com/1168874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6822"
},
{
"cve": "CVE-2020-6823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6823"
}
],
"notes": [
{
"category": "general",
"text": "A malicious extension could have called \u003ccode\u003ebrowser.identity.launchWebAuthFlow\u003c/code\u003e, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user\u0027s account at the service provider. This vulnerability affects Firefox \u003c 75.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6823",
"url": "https://www.suse.com/security/cve/CVE-2020-6823"
},
{
"category": "external",
"summary": "SUSE Bug 1168874 for CVE-2020-6823",
"url": "https://bugzilla.suse.com/1168874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6823"
},
{
"cve": "CVE-2020-6824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6824"
}
],
"notes": [
{
"category": "general",
"text": "Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. Subsequently, if the user had opened a new Private Browsing Window, revisited the same site, and generated a new password - the generated passwords would have been identical, rather than independent. This vulnerability affects Firefox \u003c 75.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6824",
"url": "https://www.suse.com/security/cve/CVE-2020-6824"
},
{
"category": "external",
"summary": "SUSE Bug 1168874 for CVE-2020-6824",
"url": "https://bugzilla.suse.com/1168874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6824"
},
{
"cve": "CVE-2020-6825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6825"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.7.0, Firefox ESR \u003c 68.7, and Firefox \u003c 75.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6825",
"url": "https://www.suse.com/security/cve/CVE-2020-6825"
},
{
"category": "external",
"summary": "SUSE Bug 1168630 for CVE-2020-6825",
"url": "https://bugzilla.suse.com/1168630"
},
{
"category": "external",
"summary": "SUSE Bug 1168874 for CVE-2020-6825",
"url": "https://bugzilla.suse.com/1168874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6825"
},
{
"cve": "CVE-2020-6826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6826"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 75.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6826",
"url": "https://www.suse.com/security/cve/CVE-2020-6826"
},
{
"category": "external",
"summary": "SUSE Bug 1168874 for CVE-2020-6826",
"url": "https://bugzilla.suse.com/1168874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6826"
},
{
"cve": "CVE-2020-6829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6829"
}
],
"notes": [
{
"category": "general",
"text": "When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox \u003c 80 and Firefox for Android \u003c 80.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6829",
"url": "https://www.suse.com/security/cve/CVE-2020-6829"
},
{
"category": "external",
"summary": "SUSE Bug 1174763 for CVE-2020-6829",
"url": "https://bugzilla.suse.com/1174763"
},
{
"category": "external",
"summary": "SUSE Bug 1175686 for CVE-2020-6829",
"url": "https://bugzilla.suse.com/1175686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2020-6829"
},
{
"cve": "CVE-2020-6831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6831"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 68.8, Firefox \u003c 76, and Thunderbird \u003c 68.8.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6831",
"url": "https://www.suse.com/security/cve/CVE-2020-6831"
},
{
"category": "external",
"summary": "SUSE Bug 1171186 for CVE-2020-6831",
"url": "https://bugzilla.suse.com/1171186"
},
{
"category": "external",
"summary": "SUSE Bug 1171247 for CVE-2020-6831",
"url": "https://bugzilla.suse.com/1171247"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6831"
},
{
"cve": "CVE-2021-23953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23953"
}
],
"notes": [
{
"category": "general",
"text": "If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox \u003c 85, Thunderbird \u003c 78.7, and Firefox ESR \u003c 78.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23953",
"url": "https://www.suse.com/security/cve/CVE-2021-23953"
},
{
"category": "external",
"summary": "SUSE Bug 1181414 for CVE-2021-23953",
"url": "https://bugzilla.suse.com/1181414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23953"
},
{
"cve": "CVE-2021-23954",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23954"
}
],
"notes": [
{
"category": "general",
"text": "Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox \u003c 85, Thunderbird \u003c 78.7, and Firefox ESR \u003c 78.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23954",
"url": "https://www.suse.com/security/cve/CVE-2021-23954"
},
{
"category": "external",
"summary": "SUSE Bug 1181414 for CVE-2021-23954",
"url": "https://bugzilla.suse.com/1181414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23954"
},
{
"cve": "CVE-2021-23955",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23955"
}
],
"notes": [
{
"category": "general",
"text": "The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox \u003c 85.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23955",
"url": "https://www.suse.com/security/cve/CVE-2021-23955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-23955"
},
{
"cve": "CVE-2021-23956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23956"
}
],
"notes": [
{
"category": "general",
"text": "An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox \u003c 85.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23956",
"url": "https://www.suse.com/security/cve/CVE-2021-23956"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-23956"
},
{
"cve": "CVE-2021-23957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23957"
}
],
"notes": [
{
"category": "general",
"text": "Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox \u003c 85.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23957",
"url": "https://www.suse.com/security/cve/CVE-2021-23957"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-23957"
},
{
"cve": "CVE-2021-23958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23958"
}
],
"notes": [
{
"category": "general",
"text": "The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox \u003c 85.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23958",
"url": "https://www.suse.com/security/cve/CVE-2021-23958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-23958"
},
{
"cve": "CVE-2021-23959",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23959"
}
],
"notes": [
{
"category": "general",
"text": "An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox \u003c 85.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23959",
"url": "https://www.suse.com/security/cve/CVE-2021-23959"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-23959"
},
{
"cve": "CVE-2021-23960",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23960"
}
],
"notes": [
{
"category": "general",
"text": "Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 85, Thunderbird \u003c 78.7, and Firefox ESR \u003c 78.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23960",
"url": "https://www.suse.com/security/cve/CVE-2021-23960"
},
{
"category": "external",
"summary": "SUSE Bug 1181414 for CVE-2021-23960",
"url": "https://bugzilla.suse.com/1181414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23960"
},
{
"cve": "CVE-2021-23961",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23961"
}
],
"notes": [
{
"category": "general",
"text": "Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network\u0027s hosts as well as services running on the user\u0027s local machine. This vulnerability affects Firefox \u003c 85.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23961",
"url": "https://www.suse.com/security/cve/CVE-2021-23961"
},
{
"category": "external",
"summary": "SUSE Bug 1184960 for CVE-2021-23961",
"url": "https://bugzilla.suse.com/1184960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23961"
},
{
"cve": "CVE-2021-23962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23962"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect use of the \u0027\u003cRowCountChanged\u003e\u0027 method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox \u003c 85.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23962",
"url": "https://www.suse.com/security/cve/CVE-2021-23962"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-23962"
},
{
"cve": "CVE-2021-23963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23963"
}
],
"notes": [
{
"category": "general",
"text": "When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox \u003c 85.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23963",
"url": "https://www.suse.com/security/cve/CVE-2021-23963"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-23963"
},
{
"cve": "CVE-2021-23964",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23964"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 85, Thunderbird \u003c 78.7, and Firefox ESR \u003c 78.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23964",
"url": "https://www.suse.com/security/cve/CVE-2021-23964"
},
{
"category": "external",
"summary": "SUSE Bug 1181414 for CVE-2021-23964",
"url": "https://bugzilla.suse.com/1181414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23964"
},
{
"cve": "CVE-2021-23965",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23965"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 85.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23965",
"url": "https://www.suse.com/security/cve/CVE-2021-23965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-23965"
},
{
"cve": "CVE-2021-23968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23968"
}
],
"notes": [
{
"category": "general",
"text": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23968",
"url": "https://www.suse.com/security/cve/CVE-2021-23968"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23968",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23968"
},
{
"cve": "CVE-2021-23969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23969"
}
],
"notes": [
{
"category": "general",
"text": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u0027s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23969",
"url": "https://www.suse.com/security/cve/CVE-2021-23969"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23969",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23969"
},
{
"cve": "CVE-2021-23970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23970"
}
],
"notes": [
{
"category": "general",
"text": "Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox \u003c 86.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23970",
"url": "https://www.suse.com/security/cve/CVE-2021-23970"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23970",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23970"
},
{
"cve": "CVE-2021-23971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23971"
}
],
"notes": [
{
"category": "general",
"text": "When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect\u0027s Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects Firefox \u003c 86.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23971",
"url": "https://www.suse.com/security/cve/CVE-2021-23971"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23971",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23971"
},
{
"cve": "CVE-2021-23972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23972"
}
],
"notes": [
{
"category": "general",
"text": "One phishing tactic on the web is to provide a link with HTTP Auth. For example \u0027https://www.phishingtarget.com@evil.com\u0027. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser. This vulnerability affects Firefox \u003c 86.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23972",
"url": "https://www.suse.com/security/cve/CVE-2021-23972"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23972",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23972"
},
{
"cve": "CVE-2021-23973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23973"
}
],
"notes": [
{
"category": "general",
"text": "When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23973",
"url": "https://www.suse.com/security/cve/CVE-2021-23973"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23973",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23973"
},
{
"cve": "CVE-2021-23974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23974"
}
],
"notes": [
{
"category": "general",
"text": "The DOMParser API did not properly process \u0027\u003cnoscript\u003e\u0027 elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox \u003c 86.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23974",
"url": "https://www.suse.com/security/cve/CVE-2021-23974"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23974",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23974"
},
{
"cve": "CVE-2021-23975",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23975"
}
],
"notes": [
{
"category": "general",
"text": "The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects Firefox \u003c 86.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23975",
"url": "https://www.suse.com/security/cve/CVE-2021-23975"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23975",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23975"
},
{
"cve": "CVE-2021-23976",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23976"
}
],
"notes": [
{
"category": "general",
"text": "When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. Note: This issue is a different issue from CVE-2020-26954 and only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox \u003c 86.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23976",
"url": "https://www.suse.com/security/cve/CVE-2021-23976"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23976",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23976"
},
{
"cve": "CVE-2021-23977",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23977"
}
],
"notes": [
{
"category": "general",
"text": "Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue is only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox \u003c 86.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23977",
"url": "https://www.suse.com/security/cve/CVE-2021-23977"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23977",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23977"
},
{
"cve": "CVE-2021-23978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23978"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23978",
"url": "https://www.suse.com/security/cve/CVE-2021-23978"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23978",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23978"
},
{
"cve": "CVE-2021-23979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23979"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 86.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23979",
"url": "https://www.suse.com/security/cve/CVE-2021-23979"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23979",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23979"
},
{
"cve": "CVE-2021-23981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23981"
}
],
"notes": [
{
"category": "general",
"text": "A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23981",
"url": "https://www.suse.com/security/cve/CVE-2021-23981"
},
{
"category": "external",
"summary": "SUSE Bug 1183942 for CVE-2021-23981",
"url": "https://bugzilla.suse.com/1183942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23981"
},
{
"cve": "CVE-2021-23982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23982"
}
],
"notes": [
{
"category": "general",
"text": "Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network\u0027s hosts as well as services running on the user\u0027s local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23982",
"url": "https://www.suse.com/security/cve/CVE-2021-23982"
},
{
"category": "external",
"summary": "SUSE Bug 1183942 for CVE-2021-23982",
"url": "https://bugzilla.suse.com/1183942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23982"
},
{
"cve": "CVE-2021-23983",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23983"
}
],
"notes": [
{
"category": "general",
"text": "By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox \u003c 87.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23983",
"url": "https://www.suse.com/security/cve/CVE-2021-23983"
},
{
"category": "external",
"summary": "SUSE Bug 1183942 for CVE-2021-23983",
"url": "https://bugzilla.suse.com/1183942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23983"
},
{
"cve": "CVE-2021-23984",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23984"
}
],
"notes": [
{
"category": "general",
"text": "A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23984",
"url": "https://www.suse.com/security/cve/CVE-2021-23984"
},
{
"category": "external",
"summary": "SUSE Bug 1183942 for CVE-2021-23984",
"url": "https://bugzilla.suse.com/1183942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23984"
},
{
"cve": "CVE-2021-23985",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23985"
}
],
"notes": [
{
"category": "general",
"text": "If an attacker is able to alter specific about:config values (for example malware running on the user\u0027s computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker (able to make a direct network connection to the victim) to monitor the user\u0027s browsing activity and (plaintext) network traffic. This was addressed by providing a visual cue when Devtools has an open network socket. This vulnerability affects Firefox \u003c 87.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23985",
"url": "https://www.suse.com/security/cve/CVE-2021-23985"
},
{
"category": "external",
"summary": "SUSE Bug 1183942 for CVE-2021-23985",
"url": "https://bugzilla.suse.com/1183942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23985"
},
{
"cve": "CVE-2021-23986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23986"
}
],
"notes": [
{
"category": "general",
"text": "A malicious extension with the \u0027search\u0027 permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have cross-origin permissions. This cross-origin request was made without cookies, so the sensitive information disclosed by the violation was limited to local-network resources or resources that perform IP-based authentication. This vulnerability affects Firefox \u003c 87.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23986",
"url": "https://www.suse.com/security/cve/CVE-2021-23986"
},
{
"category": "external",
"summary": "SUSE Bug 1183942 for CVE-2021-23986",
"url": "https://bugzilla.suse.com/1183942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23986"
},
{
"cve": "CVE-2021-23987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23987"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23987",
"url": "https://www.suse.com/security/cve/CVE-2021-23987"
},
{
"category": "external",
"summary": "SUSE Bug 1183942 for CVE-2021-23987",
"url": "https://bugzilla.suse.com/1183942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23987"
},
{
"cve": "CVE-2021-23988",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23988"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 87.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23988",
"url": "https://www.suse.com/security/cve/CVE-2021-23988"
},
{
"category": "external",
"summary": "SUSE Bug 1183942 for CVE-2021-23988",
"url": "https://bugzilla.suse.com/1183942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23988"
},
{
"cve": "CVE-2021-23994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23994"
}
],
"notes": [
{
"category": "general",
"text": "A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR \u003c 78.10, Thunderbird \u003c 78.10, and Firefox \u003c 88.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23994",
"url": "https://www.suse.com/security/cve/CVE-2021-23994"
},
{
"category": "external",
"summary": "SUSE Bug 1184960 for CVE-2021-23994",
"url": "https://bugzilla.suse.com/1184960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23994"
},
{
"cve": "CVE-2021-23995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23995"
}
],
"notes": [
{
"category": "general",
"text": "When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 78.10, Thunderbird \u003c 78.10, and Firefox \u003c 88.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23995",
"url": "https://www.suse.com/security/cve/CVE-2021-23995"
},
{
"category": "external",
"summary": "SUSE Bug 1184960 for CVE-2021-23995",
"url": "https://bugzilla.suse.com/1184960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23995"
},
{
"cve": "CVE-2021-23996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23996"
}
],
"notes": [
{
"category": "general",
"text": "By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage\u0027s viewport, resulting in a spoofing attack that could have been used for phishing or other attacks on a user. This vulnerability affects Firefox \u003c 88.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23996",
"url": "https://www.suse.com/security/cve/CVE-2021-23996"
},
{
"category": "external",
"summary": "SUSE Bug 1184960 for CVE-2021-23996",
"url": "https://bugzilla.suse.com/1184960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23996"
},
{
"cve": "CVE-2021-23997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23997"
}
],
"notes": [
{
"category": "general",
"text": "Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 88.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23997",
"url": "https://www.suse.com/security/cve/CVE-2021-23997"
},
{
"category": "external",
"summary": "SUSE Bug 1184960 for CVE-2021-23997",
"url": "https://bugzilla.suse.com/1184960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23997"
},
{
"cve": "CVE-2021-23998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23998"
}
],
"notes": [
{
"category": "general",
"text": "Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR \u003c 78.10, Thunderbird \u003c 78.10, and Firefox \u003c 88.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23998",
"url": "https://www.suse.com/security/cve/CVE-2021-23998"
},
{
"category": "external",
"summary": "SUSE Bug 1184960 for CVE-2021-23998",
"url": "https://bugzilla.suse.com/1184960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23998"
},
{
"cve": "CVE-2021-23999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23999"
}
],
"notes": [
{
"category": "general",
"text": "If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR \u003c 78.10, Thunderbird \u003c 78.10, and Firefox \u003c 88.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23999",
"url": "https://www.suse.com/security/cve/CVE-2021-23999"
},
{
"category": "external",
"summary": "SUSE Bug 1184960 for CVE-2021-23999",
"url": "https://bugzilla.suse.com/1184960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23999"
},
{
"cve": "CVE-2021-24000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-24000"
}
],
"notes": [
{
"category": "general",
"text": "A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as \u0026lt;input type=\"file\"\u0026gt;) this could have led to an attack where a user was confused about the origin of the webpage and potentially disclosed information they did not intend to. This vulnerability affects Firefox \u003c 88.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-24000",
"url": "https://www.suse.com/security/cve/CVE-2021-24000"
},
{
"category": "external",
"summary": "SUSE Bug 1184960 for CVE-2021-24000",
"url": "https://bugzilla.suse.com/1184960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-24000"
},
{
"cve": "CVE-2021-24001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-24001"
}
],
"notes": [
{
"category": "general",
"text": "A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox \u003c 88.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-24001",
"url": "https://www.suse.com/security/cve/CVE-2021-24001"
},
{
"category": "external",
"summary": "SUSE Bug 1184960 for CVE-2021-24001",
"url": "https://bugzilla.suse.com/1184960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-24001"
},
{
"cve": "CVE-2021-24002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-24002"
}
],
"notes": [
{
"category": "general",
"text": "When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR \u003c 78.10, Thunderbird \u003c 78.10, and Firefox \u003c 88.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-24002",
"url": "https://www.suse.com/security/cve/CVE-2021-24002"
},
{
"category": "external",
"summary": "SUSE Bug 1184960 for CVE-2021-24002",
"url": "https://bugzilla.suse.com/1184960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-24002"
},
{
"cve": "CVE-2021-29944",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29944"
}
],
"notes": [
{
"category": "general",
"text": "Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 88.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29944",
"url": "https://www.suse.com/security/cve/CVE-2021-29944"
},
{
"category": "external",
"summary": "SUSE Bug 1184960 for CVE-2021-29944",
"url": "https://bugzilla.suse.com/1184960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29944"
},
{
"cve": "CVE-2021-29945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29945"
}
],
"notes": [
{
"category": "general",
"text": "The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffected.*. This vulnerability affects Firefox ESR \u003c 78.10, Thunderbird \u003c 78.10, and Firefox \u003c 88.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29945",
"url": "https://www.suse.com/security/cve/CVE-2021-29945"
},
{
"category": "external",
"summary": "SUSE Bug 1184960 for CVE-2021-29945",
"url": "https://bugzilla.suse.com/1184960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29945"
},
{
"cve": "CVE-2021-29946",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29946"
}
],
"notes": [
{
"category": "general",
"text": "Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR \u003c 78.10, Thunderbird \u003c 78.10, and Firefox \u003c 88.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29946",
"url": "https://www.suse.com/security/cve/CVE-2021-29946"
},
{
"category": "external",
"summary": "SUSE Bug 1184960 for CVE-2021-29946",
"url": "https://bugzilla.suse.com/1184960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29946"
},
{
"cve": "CVE-2021-29947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29947"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 88.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29947",
"url": "https://www.suse.com/security/cve/CVE-2021-29947"
},
{
"category": "external",
"summary": "SUSE Bug 1184960 for CVE-2021-29947",
"url": "https://bugzilla.suse.com/1184960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29947"
},
{
"cve": "CVE-2021-29952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29952"
}
],
"notes": [
{
"category": "general",
"text": "When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox \u003c 88.0.1 and Firefox for Android \u003c 88.1.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29952",
"url": "https://www.suse.com/security/cve/CVE-2021-29952"
},
{
"category": "external",
"summary": "SUSE Bug 1186196 for CVE-2021-29952",
"url": "https://bugzilla.suse.com/1186196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29952"
},
{
"cve": "CVE-2021-29959",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29959"
}
],
"notes": [
{
"category": "general",
"text": "When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera. This vulnerability affects Firefox \u003c 89.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29959",
"url": "https://www.suse.com/security/cve/CVE-2021-29959"
},
{
"category": "external",
"summary": "SUSE Bug 1186696 for CVE-2021-29959",
"url": "https://bugzilla.suse.com/1186696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29959"
},
{
"cve": "CVE-2021-29960",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29960"
}
],
"notes": [
{
"category": "general",
"text": "Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox \u003c 89.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29960",
"url": "https://www.suse.com/security/cve/CVE-2021-29960"
},
{
"category": "external",
"summary": "SUSE Bug 1186696 for CVE-2021-29960",
"url": "https://bugzilla.suse.com/1186696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29960"
},
{
"cve": "CVE-2021-29961",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29961"
}
],
"notes": [
{
"category": "general",
"text": "When styling and rendering an oversized `\u003cselect\u003e` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox \u003c 89.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29961",
"url": "https://www.suse.com/security/cve/CVE-2021-29961"
},
{
"category": "external",
"summary": "SUSE Bug 1186696 for CVE-2021-29961",
"url": "https://bugzilla.suse.com/1186696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29961"
},
{
"cve": "CVE-2021-29962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29962"
}
],
"notes": [
{
"category": "general",
"text": "Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 89.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29962",
"url": "https://www.suse.com/security/cve/CVE-2021-29962"
},
{
"category": "external",
"summary": "SUSE Bug 1186696 for CVE-2021-29962",
"url": "https://bugzilla.suse.com/1186696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29962"
},
{
"cve": "CVE-2021-29963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29963"
}
],
"notes": [
{
"category": "general",
"text": "Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 89.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29963",
"url": "https://www.suse.com/security/cve/CVE-2021-29963"
},
{
"category": "external",
"summary": "SUSE Bug 1186696 for CVE-2021-29963",
"url": "https://bugzilla.suse.com/1186696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29963"
},
{
"cve": "CVE-2021-29964",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29964"
}
],
"notes": [
{
"category": "general",
"text": "A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird \u003c 78.11, Firefox \u003c 89, and Firefox ESR \u003c 78.11.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29964",
"url": "https://www.suse.com/security/cve/CVE-2021-29964"
},
{
"category": "external",
"summary": "SUSE Bug 1186696 for CVE-2021-29964",
"url": "https://bugzilla.suse.com/1186696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29964"
},
{
"cve": "CVE-2021-29965",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29965"
}
],
"notes": [
{
"category": "general",
"text": "A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 89.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29965",
"url": "https://www.suse.com/security/cve/CVE-2021-29965"
},
{
"category": "external",
"summary": "SUSE Bug 1186696 for CVE-2021-29965",
"url": "https://bugzilla.suse.com/1186696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29965"
},
{
"cve": "CVE-2021-29966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29966"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 89.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29966",
"url": "https://www.suse.com/security/cve/CVE-2021-29966"
},
{
"category": "external",
"summary": "SUSE Bug 1186696 for CVE-2021-29966",
"url": "https://bugzilla.suse.com/1186696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29966"
},
{
"cve": "CVE-2021-29967",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29967"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.11, Firefox \u003c 89, and Firefox ESR \u003c 78.11.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29967",
"url": "https://www.suse.com/security/cve/CVE-2021-29967"
},
{
"category": "external",
"summary": "SUSE Bug 1186696 for CVE-2021-29967",
"url": "https://bugzilla.suse.com/1186696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29967"
},
{
"cve": "CVE-2021-29970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29970"
}
],
"notes": [
{
"category": "general",
"text": "A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29970",
"url": "https://www.suse.com/security/cve/CVE-2021-29970"
},
{
"category": "external",
"summary": "SUSE Bug 1188275 for CVE-2021-29970",
"url": "https://bugzilla.suse.com/1188275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29970"
},
{
"cve": "CVE-2021-29971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29971"
}
],
"notes": [
{
"category": "general",
"text": "If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 90.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29971",
"url": "https://www.suse.com/security/cve/CVE-2021-29971"
},
{
"category": "external",
"summary": "SUSE Bug 1188275 for CVE-2021-29971",
"url": "https://bugzilla.suse.com/1188275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29971"
},
{
"cve": "CVE-2021-29972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29972"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox \u003c 90.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29972",
"url": "https://www.suse.com/security/cve/CVE-2021-29972"
},
{
"category": "external",
"summary": "SUSE Bug 1188275 for CVE-2021-29972",
"url": "https://bugzilla.suse.com/1188275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29972"
},
{
"cve": "CVE-2021-29973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29973"
}
],
"notes": [
{
"category": "general",
"text": "Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user\u0027s password would be entered by the browser\u0027s autofill functionality *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 90.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29973",
"url": "https://www.suse.com/security/cve/CVE-2021-29973"
},
{
"category": "external",
"summary": "SUSE Bug 1188275 for CVE-2021-29973",
"url": "https://bugzilla.suse.com/1188275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29973"
},
{
"cve": "CVE-2021-29974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29974"
}
],
"notes": [
{
"category": "general",
"text": "When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security (which implies that the error should not be override-able.) This issue did not affect the network connections, and they were correctly upgraded to HTTPS automatically. This vulnerability affects Firefox \u003c 90.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29974",
"url": "https://www.suse.com/security/cve/CVE-2021-29974"
},
{
"category": "external",
"summary": "SUSE Bug 1188275 for CVE-2021-29974",
"url": "https://bugzilla.suse.com/1188275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29974"
},
{
"cve": "CVE-2021-29975",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29975"
}
],
"notes": [
{
"category": "general",
"text": "Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly shown in the address bar) resulting in possible user confusion. This vulnerability affects Firefox \u003c 90.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29975",
"url": "https://www.suse.com/security/cve/CVE-2021-29975"
},
{
"category": "external",
"summary": "SUSE Bug 1188275 for CVE-2021-29975",
"url": "https://bugzilla.suse.com/1188275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29975"
},
{
"cve": "CVE-2021-29976",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29976"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29976",
"url": "https://www.suse.com/security/cve/CVE-2021-29976"
},
{
"category": "external",
"summary": "SUSE Bug 1188275 for CVE-2021-29976",
"url": "https://bugzilla.suse.com/1188275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29976"
},
{
"cve": "CVE-2021-29977",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29977"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 90.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29977",
"url": "https://www.suse.com/security/cve/CVE-2021-29977"
},
{
"category": "external",
"summary": "SUSE Bug 1188275 for CVE-2021-29977",
"url": "https://bugzilla.suse.com/1188275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29977"
},
{
"cve": "CVE-2021-29980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29980"
}
],
"notes": [
{
"category": "general",
"text": "Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 78.13, Thunderbird \u003c 91, Firefox ESR \u003c 78.13, and Firefox \u003c 91.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29980",
"url": "https://www.suse.com/security/cve/CVE-2021-29980"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29980"
},
{
"cve": "CVE-2021-29981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29981"
}
],
"notes": [
{
"category": "general",
"text": "An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox \u003c 91 and Thunderbird \u003c 91.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29981",
"url": "https://www.suse.com/security/cve/CVE-2021-29981"
},
{
"category": "external",
"summary": "SUSE Bug 1189631 for CVE-2021-29981",
"url": "https://bugzilla.suse.com/1189631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29981"
},
{
"cve": "CVE-2021-29982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29982"
}
],
"notes": [
{
"category": "general",
"text": "Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox \u003c 91 and Thunderbird \u003c 91.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29982",
"url": "https://www.suse.com/security/cve/CVE-2021-29982"
},
{
"category": "external",
"summary": "SUSE Bug 1189630 for CVE-2021-29982",
"url": "https://bugzilla.suse.com/1189630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-29982"
},
{
"cve": "CVE-2021-29983",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29983"
}
],
"notes": [
{
"category": "general",
"text": "Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 91.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29983",
"url": "https://www.suse.com/security/cve/CVE-2021-29983"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-29983"
},
{
"cve": "CVE-2021-29984",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29984"
}
],
"notes": [
{
"category": "general",
"text": "Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 78.13, Thunderbird \u003c 91, Firefox ESR \u003c 78.13, and Firefox \u003c 91.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29984",
"url": "https://www.suse.com/security/cve/CVE-2021-29984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29984"
},
{
"cve": "CVE-2021-29985",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29985"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 78.13, Thunderbird \u003c 91, Firefox ESR \u003c 78.13, and Firefox \u003c 91.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29985",
"url": "https://www.suse.com/security/cve/CVE-2021-29985"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29985"
},
{
"cve": "CVE-2021-29986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29986"
}
],
"notes": [
{
"category": "general",
"text": "A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird \u003c 78.13, Thunderbird \u003c 91, Firefox ESR \u003c 78.13, and Firefox \u003c 91.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29986",
"url": "https://www.suse.com/security/cve/CVE-2021-29986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29986"
},
{
"cve": "CVE-2021-29987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29987"
}
],
"notes": [
{
"category": "general",
"text": "After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 91 and Thunderbird \u003c 91.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29987",
"url": "https://www.suse.com/security/cve/CVE-2021-29987"
},
{
"category": "external",
"summary": "SUSE Bug 1189629 for CVE-2021-29987",
"url": "https://bugzilla.suse.com/1189629"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-29987"
},
{
"cve": "CVE-2021-29988",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29988"
}
],
"notes": [
{
"category": "general",
"text": "Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 78.13, Thunderbird \u003c 91, Firefox ESR \u003c 78.13, and Firefox \u003c 91.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29988",
"url": "https://www.suse.com/security/cve/CVE-2021-29988"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29988"
},
{
"cve": "CVE-2021-29989",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29989"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.13, Firefox ESR \u003c 78.13, and Firefox \u003c 91.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29989",
"url": "https://www.suse.com/security/cve/CVE-2021-29989"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29989"
},
{
"cve": "CVE-2021-29990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29990"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 91.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29990",
"url": "https://www.suse.com/security/cve/CVE-2021-29990"
},
{
"category": "external",
"summary": "SUSE Bug 1189628 for CVE-2021-29990",
"url": "https://bugzilla.suse.com/1189628"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29990"
},
{
"cve": "CVE-2021-29991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29991"
}
],
"notes": [
{
"category": "general",
"text": "Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox \u003c 91.0.1 and Thunderbird \u003c 91.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29991",
"url": "https://www.suse.com/security/cve/CVE-2021-29991"
},
{
"category": "external",
"summary": "SUSE Bug 1189547 for CVE-2021-29991",
"url": "https://bugzilla.suse.com/1189547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29991"
},
{
"cve": "CVE-2021-29993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29993"
}
],
"notes": [
{
"category": "general",
"text": "Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 92.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29993",
"url": "https://www.suse.com/security/cve/CVE-2021-29993"
},
{
"category": "external",
"summary": "SUSE Bug 1190269 for CVE-2021-29993",
"url": "https://bugzilla.suse.com/1190269"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29993"
},
{
"cve": "CVE-2021-30547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30547"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30547",
"url": "https://www.suse.com/security/cve/CVE-2021-30547"
},
{
"category": "external",
"summary": "SUSE Bug 1187141 for CVE-2021-30547",
"url": "https://bugzilla.suse.com/1187141"
},
{
"category": "external",
"summary": "SUSE Bug 1188275 for CVE-2021-30547",
"url": "https://bugzilla.suse.com/1188275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-30547"
},
{
"cve": "CVE-2021-38491",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38491"
}
],
"notes": [
{
"category": "general",
"text": "Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox \u003c 92.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38491",
"url": "https://www.suse.com/security/cve/CVE-2021-38491"
},
{
"category": "external",
"summary": "SUSE Bug 1190269 for CVE-2021-38491",
"url": "https://bugzilla.suse.com/1190269"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-38491"
},
{
"cve": "CVE-2021-38492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38492"
}
],
"notes": [
{
"category": "general",
"text": "When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 92, Thunderbird \u003c 91.1, Thunderbird \u003c 78.14, Firefox ESR \u003c 78.14, and Firefox ESR \u003c 91.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38492",
"url": "https://www.suse.com/security/cve/CVE-2021-38492"
},
{
"category": "external",
"summary": "SUSE Bug 1190269 for CVE-2021-38492",
"url": "https://bugzilla.suse.com/1190269"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-38492"
},
{
"cve": "CVE-2021-38493",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38493"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 78.14, Thunderbird \u003c 78.14, and Firefox \u003c 92.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38493",
"url": "https://www.suse.com/security/cve/CVE-2021-38493"
},
{
"category": "external",
"summary": "SUSE Bug 1190269 for CVE-2021-38493",
"url": "https://bugzilla.suse.com/1190269"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-38493"
},
{
"cve": "CVE-2021-38494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38494"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 92.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38494",
"url": "https://www.suse.com/security/cve/CVE-2021-38494"
},
{
"category": "external",
"summary": "SUSE Bug 1190269 for CVE-2021-38494",
"url": "https://bugzilla.suse.com/1190269"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-38494"
}
]
}
OPENSUSE-SU-2020:2315-1
Vulnerability from csaf_opensuse - Published: 2020-12-22 12:04 - Updated: 2020-12-22 12:04Summary
Security update for MozillaFirefox
Notes
Title of the patch
Security update for MozillaFirefox
Description of the patch
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.5.0 ESR (bsc#1178824)
* CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
* CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
* CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
* CVE-2020-26956: XSS through paste (manual and clipboard API)
* CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
* CVE-2020-26959: Use-after-free in WebRequestService
* CVE-2020-26960: Potential use-after-free in uses of nsTArray
* CVE-2020-15999: Heap buffer overflow in freetype
* CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
* CVE-2020-26965: Software keyboards may have remembered typed passwords
* CVE-2020-26966: Single-word search queries were also broadcast to local network
* CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2020-2315
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaFirefox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaFirefox fixes the following issues:\n\n- Firefox Extended Support Release 78.5.0 ESR (bsc#1178824)\n * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code\n * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls\n * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI\n * CVE-2020-26956: XSS through paste (manual and clipboard API)\n * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions\n * CVE-2020-26959: Use-after-free in WebRequestService\n * CVE-2020-26960: Potential use-after-free in uses of nsTArray\n * CVE-2020-15999: Heap buffer overflow in freetype\n * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses\n * CVE-2020-26965: Software keyboards may have remembered typed passwords\n * CVE-2020-26966: Single-word search queries were also broadcast to local network\n * CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-2315",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_2315-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:2315-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/76P3E35NHCSZCWGVU63J3OKJKJO3HUJD/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:2315-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/76P3E35NHCSZCWGVU63J3OKJKJO3HUJD/"
},
{
"category": "self",
"summary": "SUSE Bug 1178824",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15999 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-16012 page",
"url": "https://www.suse.com/security/cve/CVE-2020-16012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26951 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26951/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26953 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26956 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26958 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26959 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26959/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26960 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26960/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26961 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26961/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26965 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26965/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26966 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26968 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26968/"
}
],
"title": "Security update for MozillaFirefox",
"tracking": {
"current_release_date": "2020-12-22T12:04:16Z",
"generator": {
"date": "2020-12-22T12:04:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:2315-1",
"initial_release_date": "2020-12-22T12:04:16Z",
"revision_history": [
{
"date": "2020-12-22T12:04:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"product": {
"name": "MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"product_id": "MozillaFirefox-78.5.0-lp152.2.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"product": {
"name": "MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"product_id": "MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"product": {
"name": "MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"product_id": "MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"product": {
"name": "MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"product_id": "MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"product_id": "MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64",
"product_id": "MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.5.0-lp152.2.33.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64"
},
"product_reference": "MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64"
},
"product_reference": "MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64"
},
"product_reference": "MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15999"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15999",
"url": "https://www.suse.com/security/cve/CVE-2020-15999"
},
{
"category": "external",
"summary": "SUSE Bug 1177914 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1177914"
},
{
"category": "external",
"summary": "SUSE Bug 1177936 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1177936"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-22T12:04:16Z",
"details": "important"
}
],
"title": "CVE-2020-15999"
},
{
"cve": "CVE-2020-16012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-16012"
}
],
"notes": [
{
"category": "general",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-16012",
"url": "https://www.suse.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-16012",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-16012",
"url": "https://bugzilla.suse.com/1178894"
},
{
"category": "external",
"summary": "SUSE Bug 1178923 for CVE-2020-16012",
"url": "https://bugzilla.suse.com/1178923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-22T12:04:16Z",
"details": "important"
}
],
"title": "CVE-2020-16012"
},
{
"cve": "CVE-2020-26951",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26951"
}
],
"notes": [
{
"category": "general",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26951",
"url": "https://www.suse.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26951",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26951",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-22T12:04:16Z",
"details": "important"
}
],
"title": "CVE-2020-26951"
},
{
"cve": "CVE-2020-26953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26953"
}
],
"notes": [
{
"category": "general",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26953",
"url": "https://www.suse.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26953",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26953",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-22T12:04:16Z",
"details": "important"
}
],
"title": "CVE-2020-26953"
},
{
"cve": "CVE-2020-26956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26956"
}
],
"notes": [
{
"category": "general",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26956",
"url": "https://www.suse.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26956",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26956",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-22T12:04:16Z",
"details": "important"
}
],
"title": "CVE-2020-26956"
},
{
"cve": "CVE-2020-26958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26958"
}
],
"notes": [
{
"category": "general",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26958",
"url": "https://www.suse.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26958",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26958",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-22T12:04:16Z",
"details": "important"
}
],
"title": "CVE-2020-26958"
},
{
"cve": "CVE-2020-26959",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26959"
}
],
"notes": [
{
"category": "general",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26959",
"url": "https://www.suse.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26959",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26959",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-22T12:04:16Z",
"details": "important"
}
],
"title": "CVE-2020-26959"
},
{
"cve": "CVE-2020-26960",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26960"
}
],
"notes": [
{
"category": "general",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26960",
"url": "https://www.suse.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26960",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26960",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-22T12:04:16Z",
"details": "important"
}
],
"title": "CVE-2020-26960"
},
{
"cve": "CVE-2020-26961",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26961"
}
],
"notes": [
{
"category": "general",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26961",
"url": "https://www.suse.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26961",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26961",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-22T12:04:16Z",
"details": "important"
}
],
"title": "CVE-2020-26961"
},
{
"cve": "CVE-2020-26965",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26965"
}
],
"notes": [
{
"category": "general",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26965",
"url": "https://www.suse.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26965",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26965",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-22T12:04:16Z",
"details": "important"
}
],
"title": "CVE-2020-26965"
},
{
"cve": "CVE-2020-26966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26966"
}
],
"notes": [
{
"category": "general",
"text": "Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26966",
"url": "https://www.suse.com/security/cve/CVE-2020-26966"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26966",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26966",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-22T12:04:16Z",
"details": "important"
}
],
"title": "CVE-2020-26966"
},
{
"cve": "CVE-2020-26968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26968"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26968",
"url": "https://www.suse.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26968",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26968",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.5.0-lp152.2.33.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.5.0-lp152.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-22T12:04:16Z",
"details": "important"
}
],
"title": "CVE-2020-26968"
}
]
}
OPENSUSE-SU-2020:2031-1
Vulnerability from csaf_opensuse - Published: 2020-11-26 13:48 - Updated: 2020-11-26 13:48Summary
Security update for MozillaFirefox
Notes
Title of the patch
Security update for MozillaFirefox
Description of the patch
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.5.0 ESR (bsc#1178824)
* CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
* CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
* CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
* CVE-2020-26956: XSS through paste (manual and clipboard API)
* CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
* CVE-2020-26959: Use-after-free in WebRequestService
* CVE-2020-26960: Potential use-after-free in uses of nsTArray
* CVE-2020-15999: Heap buffer overflow in freetype
* CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
* CVE-2020-26965: Software keyboards may have remembered typed passwords
* CVE-2020-26966: Single-word search queries were also broadcast to local network
* CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2020-2031
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaFirefox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaFirefox fixes the following issues:\n\n- Firefox Extended Support Release 78.5.0 ESR (bsc#1178824)\n * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code\n * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls\n * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI\n * CVE-2020-26956: XSS through paste (manual and clipboard API)\n * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions\n * CVE-2020-26959: Use-after-free in WebRequestService\n * CVE-2020-26960: Potential use-after-free in uses of nsTArray\n * CVE-2020-15999: Heap buffer overflow in freetype\n * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses\n * CVE-2020-26965: Software keyboards may have remembered typed passwords\n * CVE-2020-26966: Single-word search queries were also broadcast to local network\n * CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-2031",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_2031-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:2031-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KX646YBHO2LBCWJZORVE6CWXY2DMCYHR/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:2031-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KX646YBHO2LBCWJZORVE6CWXY2DMCYHR/"
},
{
"category": "self",
"summary": "SUSE Bug 1178824",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15999 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-16012 page",
"url": "https://www.suse.com/security/cve/CVE-2020-16012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26951 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26951/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26953 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26956 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26958 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26959 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26959/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26960 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26960/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26961 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26961/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26965 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26965/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26966 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26968 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26968/"
}
],
"title": "Security update for MozillaFirefox",
"tracking": {
"current_release_date": "2020-11-26T13:48:42Z",
"generator": {
"date": "2020-11-26T13:48:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:2031-1",
"initial_release_date": "2020-11-26T13:48:42Z",
"revision_history": [
{
"date": "2020-11-26T13:48:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"product": {
"name": "MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"product_id": "MozillaFirefox-78.5.0-lp151.2.79.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"product": {
"name": "MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"product_id": "MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"product": {
"name": "MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"product_id": "MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"product": {
"name": "MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"product_id": "MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"product_id": "MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64",
"product_id": "MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.5.0-lp151.2.79.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64"
},
"product_reference": "MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64"
},
"product_reference": "MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64"
},
"product_reference": "MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15999"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15999",
"url": "https://www.suse.com/security/cve/CVE-2020-15999"
},
{
"category": "external",
"summary": "SUSE Bug 1177914 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1177914"
},
{
"category": "external",
"summary": "SUSE Bug 1177936 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1177936"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-26T13:48:42Z",
"details": "important"
}
],
"title": "CVE-2020-15999"
},
{
"cve": "CVE-2020-16012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-16012"
}
],
"notes": [
{
"category": "general",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-16012",
"url": "https://www.suse.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-16012",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-16012",
"url": "https://bugzilla.suse.com/1178894"
},
{
"category": "external",
"summary": "SUSE Bug 1178923 for CVE-2020-16012",
"url": "https://bugzilla.suse.com/1178923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-26T13:48:42Z",
"details": "important"
}
],
"title": "CVE-2020-16012"
},
{
"cve": "CVE-2020-26951",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26951"
}
],
"notes": [
{
"category": "general",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26951",
"url": "https://www.suse.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26951",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26951",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-26T13:48:42Z",
"details": "important"
}
],
"title": "CVE-2020-26951"
},
{
"cve": "CVE-2020-26953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26953"
}
],
"notes": [
{
"category": "general",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26953",
"url": "https://www.suse.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26953",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26953",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-26T13:48:42Z",
"details": "important"
}
],
"title": "CVE-2020-26953"
},
{
"cve": "CVE-2020-26956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26956"
}
],
"notes": [
{
"category": "general",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26956",
"url": "https://www.suse.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26956",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26956",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-26T13:48:42Z",
"details": "important"
}
],
"title": "CVE-2020-26956"
},
{
"cve": "CVE-2020-26958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26958"
}
],
"notes": [
{
"category": "general",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26958",
"url": "https://www.suse.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26958",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26958",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-26T13:48:42Z",
"details": "important"
}
],
"title": "CVE-2020-26958"
},
{
"cve": "CVE-2020-26959",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26959"
}
],
"notes": [
{
"category": "general",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26959",
"url": "https://www.suse.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26959",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26959",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-26T13:48:42Z",
"details": "important"
}
],
"title": "CVE-2020-26959"
},
{
"cve": "CVE-2020-26960",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26960"
}
],
"notes": [
{
"category": "general",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26960",
"url": "https://www.suse.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26960",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26960",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-26T13:48:42Z",
"details": "important"
}
],
"title": "CVE-2020-26960"
},
{
"cve": "CVE-2020-26961",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26961"
}
],
"notes": [
{
"category": "general",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26961",
"url": "https://www.suse.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26961",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26961",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-26T13:48:42Z",
"details": "important"
}
],
"title": "CVE-2020-26961"
},
{
"cve": "CVE-2020-26965",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26965"
}
],
"notes": [
{
"category": "general",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26965",
"url": "https://www.suse.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26965",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26965",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-26T13:48:42Z",
"details": "important"
}
],
"title": "CVE-2020-26965"
},
{
"cve": "CVE-2020-26966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26966"
}
],
"notes": [
{
"category": "general",
"text": "Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26966",
"url": "https://www.suse.com/security/cve/CVE-2020-26966"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26966",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26966",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-26T13:48:42Z",
"details": "important"
}
],
"title": "CVE-2020-26966"
},
{
"cve": "CVE-2020-26968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26968"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26968",
"url": "https://www.suse.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26968",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26968",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-78.5.0-lp151.2.79.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-78.5.0-lp151.2.79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-26T13:48:42Z",
"details": "important"
}
],
"title": "CVE-2020-26968"
}
]
}
OPENSUSE-SU-2020:2187-1
Vulnerability from csaf_opensuse - Published: 2020-12-07 11:05 - Updated: 2020-12-07 11:05Summary
Security update for MozillaThunderbird
Notes
Title of the patch
Security update for MozillaThunderbird
Description of the patch
This update for MozillaThunderbird fixes the following issues:
TODO
- Mozilla Thunderbird 78.5.0
* new: OpenPGP: Added option to disable attaching the public
key to a signed message (bmo#1654950)
* new: MailExtensions: 'compose_attachments' context added to
Menus API (bmo#1670822)
* new: MailExtensions: Menus API now available on displayed
messages (bmo#1670825)
* changed: MailExtensions: browser.tabs.create will now wait
for 'mail-delayed-startup-finished' event (bmo#1674407)
* fixed: OpenPGP: Support for inline PGP messages improved
(bmo#1672851)
* fixed: OpenPGP: Message security dialog showed unverified
keys as unavailable (bmo#1675285)
* fixed: Chat: New chat contact menu item did not function
(bmo#1663321)
* fixed: Various theme and usability improvements (bmo#1673861)
* fixed: Various security fixes
MFSA 2020-52 (bsc#1178894)
* CVE-2020-26951 (bmo#1667113)
Parsing mismatches could confuse and bypass security
sanitizer for chrome privileged code
* CVE-2020-16012 (bmo#1642028)
Variable time processing of cross-origin images during
drawImage calls
* CVE-2020-26953 (bmo#1656741)
Fullscreen could be enabled without displaying the security UI
* CVE-2020-26956 (bmo#1666300)
XSS through paste (manual and clipboard API)
* CVE-2020-26958 (bmo#1669355)
Requests intercepted through ServiceWorkers lacked MIME type
restrictions
* CVE-2020-26959 (bmo#1669466)
Use-after-free in WebRequestService
* CVE-2020-26960 (bmo#1670358)
Potential use-after-free in uses of nsTArray
* CVE-2020-15999 (bmo#1672223)
Heap buffer overflow in freetype
* CVE-2020-26961 (bmo#1672528)
DoH did not filter IPv4 mapped IP Addresses
* CVE-2020-26965 (bmo#1661617)
Software keyboards may have remembered typed passwords
* CVE-2020-26966 (bmo#1663571)
Single-word search queries were also broadcast to local
network
* CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697,
bmo#1657739, bmo#1660236, bmo#1667912, bmo#1671479,
bmo#1671923)
Memory safety bugs fixed in Thunderbird 78.5
- Mozilla Thunderbird 78.4.3
* fixed: User interface was inconsistent when switching from
the default theme to the dark theme and back to the default
theme (bmo#1659282)
* fixed: Email subject would disappear when hovering over it
with the mouse when using Windows 7 Classic theme
(bmo#1675970)
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2020-2187
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaThunderbird",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaThunderbird fixes the following issues:\n\n TODO\n- Mozilla Thunderbird 78.5.0\n * new: OpenPGP: Added option to disable attaching the public\n key to a signed message (bmo#1654950)\n * new: MailExtensions: \u0027compose_attachments\u0027 context added to\n Menus API (bmo#1670822)\n * new: MailExtensions: Menus API now available on displayed\n messages (bmo#1670825)\n * changed: MailExtensions: browser.tabs.create will now wait\n for \u0027mail-delayed-startup-finished\u0027 event (bmo#1674407)\n * fixed: OpenPGP: Support for inline PGP messages improved\n (bmo#1672851)\n * fixed: OpenPGP: Message security dialog showed unverified\n keys as unavailable (bmo#1675285)\n * fixed: Chat: New chat contact menu item did not function\n (bmo#1663321)\n * fixed: Various theme and usability improvements (bmo#1673861)\n * fixed: Various security fixes\n MFSA 2020-52 (bsc#1178894)\n * CVE-2020-26951 (bmo#1667113)\n Parsing mismatches could confuse and bypass security\n sanitizer for chrome privileged code\n * CVE-2020-16012 (bmo#1642028)\n Variable time processing of cross-origin images during\n drawImage calls\n * CVE-2020-26953 (bmo#1656741)\n Fullscreen could be enabled without displaying the security UI\n * CVE-2020-26956 (bmo#1666300)\n XSS through paste (manual and clipboard API)\n * CVE-2020-26958 (bmo#1669355)\n Requests intercepted through ServiceWorkers lacked MIME type\n restrictions\n * CVE-2020-26959 (bmo#1669466)\n Use-after-free in WebRequestService\n * CVE-2020-26960 (bmo#1670358)\n Potential use-after-free in uses of nsTArray\n * CVE-2020-15999 (bmo#1672223)\n Heap buffer overflow in freetype\n * CVE-2020-26961 (bmo#1672528)\n DoH did not filter IPv4 mapped IP Addresses\n * CVE-2020-26965 (bmo#1661617)\n Software keyboards may have remembered typed passwords\n * CVE-2020-26966 (bmo#1663571)\n Single-word search queries were also broadcast to local\n network\n * CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697,\n bmo#1657739, bmo#1660236, bmo#1667912, bmo#1671479,\n bmo#1671923)\n Memory safety bugs fixed in Thunderbird 78.5\n\n- Mozilla Thunderbird 78.4.3 \n * fixed: User interface was inconsistent when switching from\n the default theme to the dark theme and back to the default\n theme (bmo#1659282)\n * fixed: Email subject would disappear when hovering over it\n with the mouse when using Windows 7 Classic theme\n (bmo#1675970)\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-2187",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_2187-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:2187-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXIRQKYZLZFQPPH6RZY4V3IIMPGHUT5V/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:2187-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXIRQKYZLZFQPPH6RZY4V3IIMPGHUT5V/"
},
{
"category": "self",
"summary": "SUSE Bug 1178894",
"url": "https://bugzilla.suse.com/1178894"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15999 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-16012 page",
"url": "https://www.suse.com/security/cve/CVE-2020-16012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26951 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26951/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26953 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26956 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26958 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26959 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26959/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26960 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26960/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26961 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26961/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26965 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26965/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26966 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26968 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26968/"
}
],
"title": "Security update for MozillaThunderbird",
"tracking": {
"current_release_date": "2020-12-07T11:05:31Z",
"generator": {
"date": "2020-12-07T11:05:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:2187-1",
"initial_release_date": "2020-12-07T11:05:31Z",
"revision_history": [
{
"date": "2020-12-07T11:05:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"product": {
"name": "MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"product_id": "MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"product_id": "MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64",
"product_id": "MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64"
},
"product_reference": "MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15999"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15999",
"url": "https://www.suse.com/security/cve/CVE-2020-15999"
},
{
"category": "external",
"summary": "SUSE Bug 1177914 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1177914"
},
{
"category": "external",
"summary": "SUSE Bug 1177936 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1177936"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:05:31Z",
"details": "important"
}
],
"title": "CVE-2020-15999"
},
{
"cve": "CVE-2020-16012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-16012"
}
],
"notes": [
{
"category": "general",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-16012",
"url": "https://www.suse.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-16012",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-16012",
"url": "https://bugzilla.suse.com/1178894"
},
{
"category": "external",
"summary": "SUSE Bug 1178923 for CVE-2020-16012",
"url": "https://bugzilla.suse.com/1178923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:05:31Z",
"details": "important"
}
],
"title": "CVE-2020-16012"
},
{
"cve": "CVE-2020-26951",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26951"
}
],
"notes": [
{
"category": "general",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26951",
"url": "https://www.suse.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26951",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26951",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:05:31Z",
"details": "important"
}
],
"title": "CVE-2020-26951"
},
{
"cve": "CVE-2020-26953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26953"
}
],
"notes": [
{
"category": "general",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26953",
"url": "https://www.suse.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26953",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26953",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:05:31Z",
"details": "important"
}
],
"title": "CVE-2020-26953"
},
{
"cve": "CVE-2020-26956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26956"
}
],
"notes": [
{
"category": "general",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26956",
"url": "https://www.suse.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26956",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26956",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:05:31Z",
"details": "important"
}
],
"title": "CVE-2020-26956"
},
{
"cve": "CVE-2020-26958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26958"
}
],
"notes": [
{
"category": "general",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26958",
"url": "https://www.suse.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26958",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26958",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:05:31Z",
"details": "important"
}
],
"title": "CVE-2020-26958"
},
{
"cve": "CVE-2020-26959",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26959"
}
],
"notes": [
{
"category": "general",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26959",
"url": "https://www.suse.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26959",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26959",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:05:31Z",
"details": "important"
}
],
"title": "CVE-2020-26959"
},
{
"cve": "CVE-2020-26960",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26960"
}
],
"notes": [
{
"category": "general",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26960",
"url": "https://www.suse.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26960",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26960",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:05:31Z",
"details": "important"
}
],
"title": "CVE-2020-26960"
},
{
"cve": "CVE-2020-26961",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26961"
}
],
"notes": [
{
"category": "general",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26961",
"url": "https://www.suse.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26961",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26961",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:05:31Z",
"details": "important"
}
],
"title": "CVE-2020-26961"
},
{
"cve": "CVE-2020-26965",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26965"
}
],
"notes": [
{
"category": "general",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26965",
"url": "https://www.suse.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26965",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26965",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:05:31Z",
"details": "important"
}
],
"title": "CVE-2020-26965"
},
{
"cve": "CVE-2020-26966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26966"
}
],
"notes": [
{
"category": "general",
"text": "Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26966",
"url": "https://www.suse.com/security/cve/CVE-2020-26966"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26966",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26966",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:05:31Z",
"details": "important"
}
],
"title": "CVE-2020-26966"
},
{
"cve": "CVE-2020-26968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26968"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26968",
"url": "https://www.suse.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26968",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26968",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaThunderbird-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1.x86_64",
"openSUSE Leap 15.1:MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:05:31Z",
"details": "important"
}
],
"title": "CVE-2020-26968"
}
]
}
OPENSUSE-SU-2024:10601-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
MozillaThunderbird-91.1.1-1.1 on GA media
Notes
Title of the patch
MozillaThunderbird-91.1.1-1.1 on GA media
Description of the patch
These are all security issues fixed in the MozillaThunderbird-91.1.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10601
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "MozillaThunderbird-91.1.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the MozillaThunderbird-91.1.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10601",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10601-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3089 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3285 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3656 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3656/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3670 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3734 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3735 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3736 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3737 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3737/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3738 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0016 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-1233 page",
"url": "https://www.suse.com/security/cve/CVE-2008-1233/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-1236 page",
"url": "https://www.suse.com/security/cve/CVE-2008-1236/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-3835 page",
"url": "https://www.suse.com/security/cve/CVE-2008-3835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-4058 page",
"url": "https://www.suse.com/security/cve/CVE-2008-4058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-4061 page",
"url": "https://www.suse.com/security/cve/CVE-2008-4061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-4064 page",
"url": "https://www.suse.com/security/cve/CVE-2008-4064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-4065 page",
"url": "https://www.suse.com/security/cve/CVE-2008-4065/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-4067 page",
"url": "https://www.suse.com/security/cve/CVE-2008-4067/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-4070 page",
"url": "https://www.suse.com/security/cve/CVE-2008-4070/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-5012 page",
"url": "https://www.suse.com/security/cve/CVE-2008-5012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-5014 page",
"url": "https://www.suse.com/security/cve/CVE-2008-5014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-5016 page",
"url": "https://www.suse.com/security/cve/CVE-2008-5016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-5021 page",
"url": "https://www.suse.com/security/cve/CVE-2008-5021/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-5022 page",
"url": "https://www.suse.com/security/cve/CVE-2008-5022/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-5024 page",
"url": "https://www.suse.com/security/cve/CVE-2008-5024/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-5500 page",
"url": "https://www.suse.com/security/cve/CVE-2008-5500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-5503 page",
"url": "https://www.suse.com/security/cve/CVE-2008-5503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-5506 page",
"url": "https://www.suse.com/security/cve/CVE-2008-5506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-5507 page",
"url": "https://www.suse.com/security/cve/CVE-2008-5507/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-5508 page",
"url": "https://www.suse.com/security/cve/CVE-2008-5508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-5510 page",
"url": "https://www.suse.com/security/cve/CVE-2008-5510/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-5511 page",
"url": "https://www.suse.com/security/cve/CVE-2008-5511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5824 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9893 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9895 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9897 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9897/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9898 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9898/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9899 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9899/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9900 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9904 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9904/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9905 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16541 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16541/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5373 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5373/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5375 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5375/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5376 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5376/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5378 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5380 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5380/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5383 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5383/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5390 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5390/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5396 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5398 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5398/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5399 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5399/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5400 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5400/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5401 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5401/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5402 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5403 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5403/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5404 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5404/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5405 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5405/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5406 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5406/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5407 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5407/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5408 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5408/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5410 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5410/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5412 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5412/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5413 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5413/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5414 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5414/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5416 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5418 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5418/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5419 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5419/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5421 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5422 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5422/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5426 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5426/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5429 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5429/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5430 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5430/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5432 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5432/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5433 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5433/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5434 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5434/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5435 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5435/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5436 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5437 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5438 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5438/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5439 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5439/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5440 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5440/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5441 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5441/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5442 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5442/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5443 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5443/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5444 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5444/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5445 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5445/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5446 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5446/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5447 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5447/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5449 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5449/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5451 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5451/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5454 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5454/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5459 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5459/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5460 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5460/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5461 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5461/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5462 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5462/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5464 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5464/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5465 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5466 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5466/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5467 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5469 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5469/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5470 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5470/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5472 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5472/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7749 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7750 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7751 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7752 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7753 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7754 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7756 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7757 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7757/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7758 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7763 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7764 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7765 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7773 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7777 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7777/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7778 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7778/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7779 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7782 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7784 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7784/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7785 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7786 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7786/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7787 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7787/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7791 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7792 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7793 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7793/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7798 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7800 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7801 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7801/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7802 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7803 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7803/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7804 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7804/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7805 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7805/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7807 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7810 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7814 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7818 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7819 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7823 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7824 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7825 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7826 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7828 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7829 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7830 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7845 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7846 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7847 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7848 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7848/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12359 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12359/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12360 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12360/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12361 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12361/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12362 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12363 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12364 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12365 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12365/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12366 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12366/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12367 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12367/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12371 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12371/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12372 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12372/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12373 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12373/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12374 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12374/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12376 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12376/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12377 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12377/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12378 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12383 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12383/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12385 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12385/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12389 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12390 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12390/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12391 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12391/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12392 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12393 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12405 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12405/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17466 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17466/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18335 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18335/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18356 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18356/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18492 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18492/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18493 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18493/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18494 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18498 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18498/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18500 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18501 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18501/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18505 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18509 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18509/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18511 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5089 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5095 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5096 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5097 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5098 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5099 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5102 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5103 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5104 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5117 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5125 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5127 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5129 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5144 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5144/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5145 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5146 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5146/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5150 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5154 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5155 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5156 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5159 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5161 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5161/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5162 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5162/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5168 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5168/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5170 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5170/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5174 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5174/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5178 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5183 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5184 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5185 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5187 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5188 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5188/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11691 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11691/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11692 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11693 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11694 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11698 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11703 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11704 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11705 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11706 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11707 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11707/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11708 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11709 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11709/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11711 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11712 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11712/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11713 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11715 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11717 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11717/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11719 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11729 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11730 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11739 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11740 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11742 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11743 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11743/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11744 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11746 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11752 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11755 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11755/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11757 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11757/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11758 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11759 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11760 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11760/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11761 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11762 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11762/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11763 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11764 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13722 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15903 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15903/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17005 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17008 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17010 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17011 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17012 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17015 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17015/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17016 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17017 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17021 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17021/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17022 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17022/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17024 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17024/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17026 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17026/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-20503 page",
"url": "https://www.suse.com/security/cve/CVE-2019-20503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5785 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5798 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7317 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9797 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9800 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9810 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9811 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9811/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9813 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9815 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9816 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9817 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9818 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9819 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9820 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12387 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12387/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12392 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12393 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12395 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12397 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12397/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12398 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12398/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12405 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12405/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12406 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12406/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12410 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12410/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12417 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12417/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12418 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12418/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12419 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12419/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12420 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12421 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15652 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15652/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15659 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15663 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15663/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15664 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15669 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15673 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15676 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15677 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15677/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15678 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15683 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15685 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15685/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15969 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15999 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-16012 page",
"url": "https://www.suse.com/security/cve/CVE-2020-16012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-16042 page",
"url": "https://www.suse.com/security/cve/CVE-2020-16042/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-16044 page",
"url": "https://www.suse.com/security/cve/CVE-2020-16044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26950 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26951 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26951/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26953 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26956 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26958 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26959 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26959/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26960 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26960/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26961 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26961/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26965 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26965/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26966 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26968 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26970 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26971 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26973 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26974 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26976 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26976/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26978 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35111 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35111/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35112 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35113 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35113/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6463 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6463/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6514 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6514/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6792 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6793 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6793/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6794 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6795 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6797 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6798 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6800 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6805 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6805/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6806 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6807 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6811 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6811/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6812 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6814 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6819 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6820 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6821 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6822 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6822/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6825 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-6831 page",
"url": "https://www.suse.com/security/cve/CVE-2020-6831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23953 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23954 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23954/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23960 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23960/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23961 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23961/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23964 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23964/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23968 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23969 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23973 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23978 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23981 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23982 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23984 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23984/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23987 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23991 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23993 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23994 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23995 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23998 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23999 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-24002 page",
"url": "https://www.suse.com/security/cve/CVE-2021-24002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29945 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29946 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29946/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29948 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29956 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29957 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29964 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29964/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29967 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29967/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29969 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29970 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29976 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29976/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29980 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29984 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29984/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29985 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29985/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29986 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29988 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29988/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29989 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29989/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29991 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30547 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38492 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38492/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38495 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38495/"
}
],
"title": "MozillaThunderbird-91.1.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10601-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-91.1.1-1.1.aarch64",
"product": {
"name": "MozillaThunderbird-91.1.1-1.1.aarch64",
"product_id": "MozillaThunderbird-91.1.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"product": {
"name": "MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"product_id": "MozillaThunderbird-translations-common-91.1.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"product": {
"name": "MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"product_id": "MozillaThunderbird-translations-other-91.1.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-91.1.1-1.1.ppc64le",
"product": {
"name": "MozillaThunderbird-91.1.1-1.1.ppc64le",
"product_id": "MozillaThunderbird-91.1.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"product": {
"name": "MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"product_id": "MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"product": {
"name": "MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"product_id": "MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-91.1.1-1.1.s390x",
"product": {
"name": "MozillaThunderbird-91.1.1-1.1.s390x",
"product_id": "MozillaThunderbird-91.1.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"product": {
"name": "MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"product_id": "MozillaThunderbird-translations-common-91.1.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"product": {
"name": "MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"product_id": "MozillaThunderbird-translations-other-91.1.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-91.1.1-1.1.x86_64",
"product": {
"name": "MozillaThunderbird-91.1.1-1.1.x86_64",
"product_id": "MozillaThunderbird-91.1.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"product_id": "MozillaThunderbird-translations-common-91.1.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-91.1.1-1.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-other-91.1.1-1.1.x86_64",
"product_id": "MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-91.1.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64"
},
"product_reference": "MozillaThunderbird-91.1.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-91.1.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le"
},
"product_reference": "MozillaThunderbird-91.1.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-91.1.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x"
},
"product_reference": "MozillaThunderbird-91.1.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-91.1.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64"
},
"product_reference": "MozillaThunderbird-91.1.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-91.1.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64"
},
"product_reference": "MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le"
},
"product_reference": "MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-91.1.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x"
},
"product_reference": "MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-91.1.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-91.1.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64"
},
"product_reference": "MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le"
},
"product_reference": "MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-91.1.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x"
},
"product_reference": "MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-91.1.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-other-91.1.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2007-3089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3089"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the \"promiscuous IFRAME access bug,\" a related issue to CVE-2006-4568.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3089",
"url": "https://www.suse.com/security/cve/CVE-2007-3089"
},
{
"category": "external",
"summary": "SUSE Bug 288115 for CVE-2007-3089",
"url": "https://bugzilla.suse.com/288115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2007-3089"
},
{
"cve": "CVE-2007-3285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3285"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3285",
"url": "https://www.suse.com/security/cve/CVE-2007-3285"
},
{
"category": "external",
"summary": "SUSE Bug 288115 for CVE-2007-3285",
"url": "https://bugzilla.suse.com/288115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2007-3285"
},
{
"cve": "CVE-2007-3656",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3656"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3656",
"url": "https://www.suse.com/security/cve/CVE-2007-3656"
},
{
"category": "external",
"summary": "SUSE Bug 288115 for CVE-2007-3656",
"url": "https://bugzilla.suse.com/288115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-3656"
},
{
"cve": "CVE-2007-3670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3670"
}
],
"notes": [
{
"category": "general",
"text": "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE\u0027s opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a \"defense in depth\" fix that will \"prevent IE from sending Firefox malicious data.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3670",
"url": "https://www.suse.com/security/cve/CVE-2007-3670"
},
{
"category": "external",
"summary": "SUSE Bug 288115 for CVE-2007-3670",
"url": "https://bugzilla.suse.com/288115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-3670"
},
{
"cve": "CVE-2007-3734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3734"
}
],
"notes": [
{
"category": "general",
"text": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3734",
"url": "https://www.suse.com/security/cve/CVE-2007-3734"
},
{
"category": "external",
"summary": "SUSE Bug 288115 for CVE-2007-3734",
"url": "https://bugzilla.suse.com/288115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2007-3734"
},
{
"cve": "CVE-2007-3735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3735"
}
],
"notes": [
{
"category": "general",
"text": "Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3735",
"url": "https://www.suse.com/security/cve/CVE-2007-3735"
},
{
"category": "external",
"summary": "SUSE Bug 288115 for CVE-2007-3735",
"url": "https://bugzilla.suse.com/288115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2007-3735"
},
{
"cve": "CVE-2007-3736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3736"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script \"into another site\u0027s context\" via a \"timing issue\" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3736",
"url": "https://www.suse.com/security/cve/CVE-2007-3736"
},
{
"category": "external",
"summary": "SUSE Bug 288115 for CVE-2007-3736",
"url": "https://bugzilla.suse.com/288115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-3736"
},
{
"cve": "CVE-2007-3737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3737"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified \"element outside of a document.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3737",
"url": "https://www.suse.com/security/cve/CVE-2007-3737"
},
{
"category": "external",
"summary": "SUSE Bug 288115 for CVE-2007-3737",
"url": "https://bugzilla.suse.com/288115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2007-3737"
},
{
"cve": "CVE-2007-3738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3738"
}
],
"notes": [
{
"category": "general",
"text": "Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3738",
"url": "https://www.suse.com/security/cve/CVE-2007-3738"
},
{
"category": "external",
"summary": "SUSE Bug 288115 for CVE-2007-3738",
"url": "https://bugzilla.suse.com/288115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2007-3738"
},
{
"cve": "CVE-2008-0016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0016"
}
],
"notes": [
{
"category": "general",
"text": "Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0016",
"url": "https://www.suse.com/security/cve/CVE-2008-0016"
},
{
"category": "external",
"summary": "SUSE Bug 429179 for CVE-2008-0016",
"url": "https://bugzilla.suse.com/429179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2008-0016"
},
{
"cve": "CVE-2008-1233",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-1233"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via \"XPCNativeWrapper pollution.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-1233",
"url": "https://www.suse.com/security/cve/CVE-2008-1233"
},
{
"category": "external",
"summary": "SUSE Bug 370353 for CVE-2008-1233",
"url": "https://bugzilla.suse.com/370353"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-1233"
},
{
"cve": "CVE-2008-1236",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-1236"
}
],
"notes": [
{
"category": "general",
"text": "Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-1236",
"url": "https://www.suse.com/security/cve/CVE-2008-1236"
},
{
"category": "external",
"summary": "SUSE Bug 370353 for CVE-2008-1236",
"url": "https://bugzilla.suse.com/370353"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-1236"
},
{
"cve": "CVE-2008-3835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-3835"
}
],
"notes": [
{
"category": "general",
"text": "The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-3835",
"url": "https://www.suse.com/security/cve/CVE-2008-3835"
},
{
"category": "external",
"summary": "SUSE Bug 429179 for CVE-2008-3835",
"url": "https://bugzilla.suse.com/429179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2008-3835"
},
{
"cve": "CVE-2008-4058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-4058"
}
],
"notes": [
{
"category": "general",
"text": "The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to \"pollute XPCNativeWrappers\" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-4058",
"url": "https://www.suse.com/security/cve/CVE-2008-4058"
},
{
"category": "external",
"summary": "SUSE Bug 429179 for CVE-2008-4058",
"url": "https://bugzilla.suse.com/429179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2008-4058"
},
{
"cve": "CVE-2008-4061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-4061"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-4061",
"url": "https://www.suse.com/security/cve/CVE-2008-4061"
},
{
"category": "external",
"summary": "SUSE Bug 429179 for CVE-2008-4061",
"url": "https://bugzilla.suse.com/429179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2008-4061"
},
{
"cve": "CVE-2008-4064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-4064"
}
],
"notes": [
{
"category": "general",
"text": "Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in the nsSVGFEGaussianBlurElement::SetupPredivide function in nsSVGFilters.cpp.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-4064",
"url": "https://www.suse.com/security/cve/CVE-2008-4064"
},
{
"category": "external",
"summary": "SUSE Bug 429179 for CVE-2008-4064",
"url": "https://bugzilla.suse.com/429179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2008-4064"
},
{
"cve": "CVE-2008-4065",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-4065"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka \"Stripped BOM characters bug.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-4065",
"url": "https://www.suse.com/security/cve/CVE-2008-4065"
},
{
"category": "external",
"summary": "SUSE Bug 429179 for CVE-2008-4065",
"url": "https://bugzilla.suse.com/429179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-4065"
},
{
"cve": "CVE-2008-4067",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-4067"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-4067",
"url": "https://www.suse.com/security/cve/CVE-2008-4067"
},
{
"category": "external",
"summary": "SUSE Bug 429179 for CVE-2008-4067",
"url": "https://bugzilla.suse.com/429179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-4067"
},
{
"cve": "CVE-2008-4070",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-4070"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to \"canceling [a] newsgroup message\" and \"cancelled newsgroup messages.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-4070",
"url": "https://www.suse.com/security/cve/CVE-2008-4070"
},
{
"category": "external",
"summary": "SUSE Bug 429179 for CVE-2008-4070",
"url": "https://bugzilla.suse.com/429179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2008-4070"
},
{
"cve": "CVE-2008-5012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-5012"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-5012",
"url": "https://www.suse.com/security/cve/CVE-2008-5012"
},
{
"category": "external",
"summary": "SUSE Bug 439841 for CVE-2008-5012",
"url": "https://bugzilla.suse.com/439841"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-5012"
},
{
"cve": "CVE-2008-5014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-5014"
}
],
"notes": [
{
"category": "general",
"text": "jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-5014",
"url": "https://www.suse.com/security/cve/CVE-2008-5014"
},
{
"category": "external",
"summary": "SUSE Bug 439841 for CVE-2008-5014",
"url": "https://bugzilla.suse.com/439841"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2008-5014"
},
{
"cve": "CVE-2008-5016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-5016"
}
],
"notes": [
{
"category": "general",
"text": "The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-5016",
"url": "https://www.suse.com/security/cve/CVE-2008-5016"
},
{
"category": "external",
"summary": "SUSE Bug 439841 for CVE-2008-5016",
"url": "https://bugzilla.suse.com/439841"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-5016"
},
{
"cve": "CVE-2008-5021",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-5021"
}
],
"notes": [
{
"category": "general",
"text": "nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-5021",
"url": "https://www.suse.com/security/cve/CVE-2008-5021"
},
{
"category": "external",
"summary": "SUSE Bug 439841 for CVE-2008-5021",
"url": "https://bugzilla.suse.com/439841"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2008-5021"
},
{
"cve": "CVE-2008-5022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-5022"
}
],
"notes": [
{
"category": "general",
"text": "The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-5022",
"url": "https://www.suse.com/security/cve/CVE-2008-5022"
},
{
"category": "external",
"summary": "SUSE Bug 439841 for CVE-2008-5022",
"url": "https://bugzilla.suse.com/439841"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2008-5022"
},
{
"cve": "CVE-2008-5024",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-5024"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-5024",
"url": "https://www.suse.com/security/cve/CVE-2008-5024"
},
{
"category": "external",
"summary": "SUSE Bug 439841 for CVE-2008-5024",
"url": "https://bugzilla.suse.com/439841"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2008-5024"
},
{
"cve": "CVE-2008-5500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-5500"
}
],
"notes": [
{
"category": "general",
"text": "The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-5500",
"url": "https://www.suse.com/security/cve/CVE-2008-5500"
},
{
"category": "external",
"summary": "SUSE Bug 455804 for CVE-2008-5500",
"url": "https://bugzilla.suse.com/455804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2008-5500"
},
{
"cve": "CVE-2008-5503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-5503"
}
],
"notes": [
{
"category": "general",
"text": "The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-5503",
"url": "https://www.suse.com/security/cve/CVE-2008-5503"
},
{
"category": "external",
"summary": "SUSE Bug 455804 for CVE-2008-5503",
"url": "https://bugzilla.suse.com/455804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2008-5503"
},
{
"cve": "CVE-2008-5506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-5506"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka \"response disclosure.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-5506",
"url": "https://www.suse.com/security/cve/CVE-2008-5506"
},
{
"category": "external",
"summary": "SUSE Bug 455804 for CVE-2008-5506",
"url": "https://bugzilla.suse.com/455804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2008-5506"
},
{
"cve": "CVE-2008-5507",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-5507"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-5507",
"url": "https://www.suse.com/security/cve/CVE-2008-5507"
},
{
"category": "external",
"summary": "SUSE Bug 455804 for CVE-2008-5507",
"url": "https://bugzilla.suse.com/455804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2008-5507"
},
{
"cve": "CVE-2008-5508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-5508"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-5508",
"url": "https://www.suse.com/security/cve/CVE-2008-5508"
},
{
"category": "external",
"summary": "SUSE Bug 455804 for CVE-2008-5508",
"url": "https://bugzilla.suse.com/455804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2008-5508"
},
{
"cve": "CVE-2008-5510",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-5510"
}
],
"notes": [
{
"category": "general",
"text": "The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the \u0027\\0\u0027 escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-5510",
"url": "https://www.suse.com/security/cve/CVE-2008-5510"
},
{
"category": "external",
"summary": "SUSE Bug 455804 for CVE-2008-5510",
"url": "https://bugzilla.suse.com/455804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2008-5510"
},
{
"cve": "CVE-2008-5511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-5511"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an \"unloaded document.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-5511",
"url": "https://www.suse.com/security/cve/CVE-2008-5511"
},
{
"category": "external",
"summary": "SUSE Bug 455804 for CVE-2008-5511",
"url": "https://bugzilla.suse.com/455804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2008-5511"
},
{
"cve": "CVE-2016-5824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5824"
}
],
"notes": [
{
"category": "general",
"text": "libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5824",
"url": "https://www.suse.com/security/cve/CVE-2016-5824"
},
{
"category": "external",
"summary": "SUSE Bug 1015964 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/1015964"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 986631 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/986631"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/986639"
},
{
"category": "external",
"summary": "SUSE Bug 986642 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/986642"
},
{
"category": "external",
"summary": "SUSE Bug 986658 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/986658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-5824"
},
{
"cve": "CVE-2016-9893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9893"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9893",
"url": "https://www.suse.com/security/cve/CVE-2016-9893"
},
{
"category": "external",
"summary": "SUSE Bug 1015422 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015422"
},
{
"category": "external",
"summary": "SUSE Bug 1015527 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015527"
},
{
"category": "external",
"summary": "SUSE Bug 1015528 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015528"
},
{
"category": "external",
"summary": "SUSE Bug 1015529 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015529"
},
{
"category": "external",
"summary": "SUSE Bug 1015530 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015530"
},
{
"category": "external",
"summary": "SUSE Bug 1015531 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015531"
},
{
"category": "external",
"summary": "SUSE Bug 1015533 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015533"
},
{
"category": "external",
"summary": "SUSE Bug 1015534 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015534"
},
{
"category": "external",
"summary": "SUSE Bug 1015535 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015535"
},
{
"category": "external",
"summary": "SUSE Bug 1015536 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015536"
},
{
"category": "external",
"summary": "SUSE Bug 1015537 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015537"
},
{
"category": "external",
"summary": "SUSE Bug 1015538 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015538"
},
{
"category": "external",
"summary": "SUSE Bug 1015540 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015540"
},
{
"category": "external",
"summary": "SUSE Bug 1015541 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015541"
},
{
"category": "external",
"summary": "SUSE Bug 1015542 for CVE-2016-9893",
"url": "https://bugzilla.suse.com/1015542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9893"
},
{
"cve": "CVE-2016-9895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9895"
}
],
"notes": [
{
"category": "general",
"text": "Event handlers on \"marquee\" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9895",
"url": "https://www.suse.com/security/cve/CVE-2016-9895"
},
{
"category": "external",
"summary": "SUSE Bug 1015422 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015422"
},
{
"category": "external",
"summary": "SUSE Bug 1015527 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015527"
},
{
"category": "external",
"summary": "SUSE Bug 1015528 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015528"
},
{
"category": "external",
"summary": "SUSE Bug 1015529 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015529"
},
{
"category": "external",
"summary": "SUSE Bug 1015530 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015530"
},
{
"category": "external",
"summary": "SUSE Bug 1015531 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015531"
},
{
"category": "external",
"summary": "SUSE Bug 1015533 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015533"
},
{
"category": "external",
"summary": "SUSE Bug 1015534 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015534"
},
{
"category": "external",
"summary": "SUSE Bug 1015535 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015535"
},
{
"category": "external",
"summary": "SUSE Bug 1015536 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015536"
},
{
"category": "external",
"summary": "SUSE Bug 1015537 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015537"
},
{
"category": "external",
"summary": "SUSE Bug 1015538 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015538"
},
{
"category": "external",
"summary": "SUSE Bug 1015540 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015540"
},
{
"category": "external",
"summary": "SUSE Bug 1015541 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015541"
},
{
"category": "external",
"summary": "SUSE Bug 1015542 for CVE-2016-9895",
"url": "https://bugzilla.suse.com/1015542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9895"
},
{
"cve": "CVE-2016-9897",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9897"
}
],
"notes": [
{
"category": "general",
"text": "Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9897",
"url": "https://www.suse.com/security/cve/CVE-2016-9897"
},
{
"category": "external",
"summary": "SUSE Bug 1015422 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015422"
},
{
"category": "external",
"summary": "SUSE Bug 1015527 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015527"
},
{
"category": "external",
"summary": "SUSE Bug 1015528 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015528"
},
{
"category": "external",
"summary": "SUSE Bug 1015529 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015529"
},
{
"category": "external",
"summary": "SUSE Bug 1015530 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015530"
},
{
"category": "external",
"summary": "SUSE Bug 1015531 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015531"
},
{
"category": "external",
"summary": "SUSE Bug 1015533 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015533"
},
{
"category": "external",
"summary": "SUSE Bug 1015534 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015534"
},
{
"category": "external",
"summary": "SUSE Bug 1015535 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015535"
},
{
"category": "external",
"summary": "SUSE Bug 1015536 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015536"
},
{
"category": "external",
"summary": "SUSE Bug 1015537 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015537"
},
{
"category": "external",
"summary": "SUSE Bug 1015538 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015538"
},
{
"category": "external",
"summary": "SUSE Bug 1015540 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015540"
},
{
"category": "external",
"summary": "SUSE Bug 1015541 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015541"
},
{
"category": "external",
"summary": "SUSE Bug 1015542 for CVE-2016-9897",
"url": "https://bugzilla.suse.com/1015542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9897"
},
{
"cve": "CVE-2016-9898",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9898"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9898",
"url": "https://www.suse.com/security/cve/CVE-2016-9898"
},
{
"category": "external",
"summary": "SUSE Bug 1015422 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015422"
},
{
"category": "external",
"summary": "SUSE Bug 1015527 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015527"
},
{
"category": "external",
"summary": "SUSE Bug 1015528 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015528"
},
{
"category": "external",
"summary": "SUSE Bug 1015529 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015529"
},
{
"category": "external",
"summary": "SUSE Bug 1015530 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015530"
},
{
"category": "external",
"summary": "SUSE Bug 1015531 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015531"
},
{
"category": "external",
"summary": "SUSE Bug 1015533 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015533"
},
{
"category": "external",
"summary": "SUSE Bug 1015534 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015534"
},
{
"category": "external",
"summary": "SUSE Bug 1015535 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015535"
},
{
"category": "external",
"summary": "SUSE Bug 1015536 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015536"
},
{
"category": "external",
"summary": "SUSE Bug 1015537 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015537"
},
{
"category": "external",
"summary": "SUSE Bug 1015538 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015538"
},
{
"category": "external",
"summary": "SUSE Bug 1015540 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015540"
},
{
"category": "external",
"summary": "SUSE Bug 1015541 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015541"
},
{
"category": "external",
"summary": "SUSE Bug 1015542 for CVE-2016-9898",
"url": "https://bugzilla.suse.com/1015542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9898"
},
{
"cve": "CVE-2016-9899",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9899"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9899",
"url": "https://www.suse.com/security/cve/CVE-2016-9899"
},
{
"category": "external",
"summary": "SUSE Bug 1015422 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015422"
},
{
"category": "external",
"summary": "SUSE Bug 1015527 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015527"
},
{
"category": "external",
"summary": "SUSE Bug 1015528 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015528"
},
{
"category": "external",
"summary": "SUSE Bug 1015529 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015529"
},
{
"category": "external",
"summary": "SUSE Bug 1015530 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015530"
},
{
"category": "external",
"summary": "SUSE Bug 1015531 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015531"
},
{
"category": "external",
"summary": "SUSE Bug 1015533 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015533"
},
{
"category": "external",
"summary": "SUSE Bug 1015534 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015534"
},
{
"category": "external",
"summary": "SUSE Bug 1015535 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015535"
},
{
"category": "external",
"summary": "SUSE Bug 1015536 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015536"
},
{
"category": "external",
"summary": "SUSE Bug 1015537 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015537"
},
{
"category": "external",
"summary": "SUSE Bug 1015538 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015538"
},
{
"category": "external",
"summary": "SUSE Bug 1015540 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015540"
},
{
"category": "external",
"summary": "SUSE Bug 1015541 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015541"
},
{
"category": "external",
"summary": "SUSE Bug 1015542 for CVE-2016-9899",
"url": "https://bugzilla.suse.com/1015542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9899"
},
{
"cve": "CVE-2016-9900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9900"
}
],
"notes": [
{
"category": "general",
"text": "External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of \"data:\" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9900",
"url": "https://www.suse.com/security/cve/CVE-2016-9900"
},
{
"category": "external",
"summary": "SUSE Bug 1015422 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015422"
},
{
"category": "external",
"summary": "SUSE Bug 1015527 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015527"
},
{
"category": "external",
"summary": "SUSE Bug 1015528 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015528"
},
{
"category": "external",
"summary": "SUSE Bug 1015529 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015529"
},
{
"category": "external",
"summary": "SUSE Bug 1015530 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015530"
},
{
"category": "external",
"summary": "SUSE Bug 1015531 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015531"
},
{
"category": "external",
"summary": "SUSE Bug 1015533 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015533"
},
{
"category": "external",
"summary": "SUSE Bug 1015534 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015534"
},
{
"category": "external",
"summary": "SUSE Bug 1015535 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015535"
},
{
"category": "external",
"summary": "SUSE Bug 1015536 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015536"
},
{
"category": "external",
"summary": "SUSE Bug 1015537 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015537"
},
{
"category": "external",
"summary": "SUSE Bug 1015538 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015538"
},
{
"category": "external",
"summary": "SUSE Bug 1015540 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015540"
},
{
"category": "external",
"summary": "SUSE Bug 1015541 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015541"
},
{
"category": "external",
"summary": "SUSE Bug 1015542 for CVE-2016-9900",
"url": "https://bugzilla.suse.com/1015542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9900"
},
{
"cve": "CVE-2016-9904",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9904"
}
],
"notes": [
{
"category": "general",
"text": "An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9904",
"url": "https://www.suse.com/security/cve/CVE-2016-9904"
},
{
"category": "external",
"summary": "SUSE Bug 1015422 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015422"
},
{
"category": "external",
"summary": "SUSE Bug 1015527 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015527"
},
{
"category": "external",
"summary": "SUSE Bug 1015528 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015528"
},
{
"category": "external",
"summary": "SUSE Bug 1015529 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015529"
},
{
"category": "external",
"summary": "SUSE Bug 1015530 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015530"
},
{
"category": "external",
"summary": "SUSE Bug 1015531 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015531"
},
{
"category": "external",
"summary": "SUSE Bug 1015533 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015533"
},
{
"category": "external",
"summary": "SUSE Bug 1015534 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015534"
},
{
"category": "external",
"summary": "SUSE Bug 1015535 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015535"
},
{
"category": "external",
"summary": "SUSE Bug 1015536 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015536"
},
{
"category": "external",
"summary": "SUSE Bug 1015537 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015537"
},
{
"category": "external",
"summary": "SUSE Bug 1015538 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015538"
},
{
"category": "external",
"summary": "SUSE Bug 1015540 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015540"
},
{
"category": "external",
"summary": "SUSE Bug 1015541 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015541"
},
{
"category": "external",
"summary": "SUSE Bug 1015542 for CVE-2016-9904",
"url": "https://bugzilla.suse.com/1015542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9904"
},
{
"cve": "CVE-2016-9905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9905"
}
],
"notes": [
{
"category": "general",
"text": "A potentially exploitable crash in \"EnumerateSubDocuments\" while adding or removing sub-documents. This vulnerability affects Firefox ESR \u003c 45.6 and Thunderbird \u003c 45.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9905",
"url": "https://www.suse.com/security/cve/CVE-2016-9905"
},
{
"category": "external",
"summary": "SUSE Bug 1015422 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015422"
},
{
"category": "external",
"summary": "SUSE Bug 1015527 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015527"
},
{
"category": "external",
"summary": "SUSE Bug 1015528 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015528"
},
{
"category": "external",
"summary": "SUSE Bug 1015529 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015529"
},
{
"category": "external",
"summary": "SUSE Bug 1015530 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015530"
},
{
"category": "external",
"summary": "SUSE Bug 1015531 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015531"
},
{
"category": "external",
"summary": "SUSE Bug 1015533 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015533"
},
{
"category": "external",
"summary": "SUSE Bug 1015534 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015534"
},
{
"category": "external",
"summary": "SUSE Bug 1015535 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015535"
},
{
"category": "external",
"summary": "SUSE Bug 1015536 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015536"
},
{
"category": "external",
"summary": "SUSE Bug 1015537 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015537"
},
{
"category": "external",
"summary": "SUSE Bug 1015538 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015538"
},
{
"category": "external",
"summary": "SUSE Bug 1015540 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015540"
},
{
"category": "external",
"summary": "SUSE Bug 1015541 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015541"
},
{
"category": "external",
"summary": "SUSE Bug 1015542 for CVE-2016-9905",
"url": "https://bugzilla.suse.com/1015542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9905"
},
{
"cve": "CVE-2017-16541",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16541"
}
],
"notes": [
{
"category": "general",
"text": "Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16541",
"url": "https://www.suse.com/security/cve/CVE-2017-16541"
},
{
"category": "external",
"summary": "SUSE Bug 1066489 for CVE-2017-16541",
"url": "https://bugzilla.suse.com/1066489"
},
{
"category": "external",
"summary": "SUSE Bug 1107343 for CVE-2017-16541",
"url": "https://bugzilla.suse.com/1107343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-16541"
},
{
"cve": "CVE-2017-5373",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5373"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5373",
"url": "https://www.suse.com/security/cve/CVE-2017-5373"
},
{
"category": "external",
"summary": "SUSE Bug 1021824 for CVE-2017-5373",
"url": "https://bugzilla.suse.com/1021824"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5373",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5373"
},
{
"cve": "CVE-2017-5375",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5375"
}
],
"notes": [
{
"category": "general",
"text": "JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5375",
"url": "https://www.suse.com/security/cve/CVE-2017-5375"
},
{
"category": "external",
"summary": "SUSE Bug 1021814 for CVE-2017-5375",
"url": "https://bugzilla.suse.com/1021814"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5375",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5375"
},
{
"cve": "CVE-2017-5376",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5376"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5376",
"url": "https://www.suse.com/security/cve/CVE-2017-5376"
},
{
"category": "external",
"summary": "SUSE Bug 1021817 for CVE-2017-5376",
"url": "https://bugzilla.suse.com/1021817"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5376",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5376"
},
{
"cve": "CVE-2017-5378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5378"
}
],
"notes": [
{
"category": "general",
"text": "Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object\u0027s address can be discovered through hash codes, and also allows for data leakage of an object\u0027s content using these hash codes. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5378",
"url": "https://www.suse.com/security/cve/CVE-2017-5378"
},
{
"category": "external",
"summary": "SUSE Bug 1021818 for CVE-2017-5378",
"url": "https://bugzilla.suse.com/1021818"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5378",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5378"
},
{
"cve": "CVE-2017-5380",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5380"
}
],
"notes": [
{
"category": "general",
"text": "A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5380",
"url": "https://www.suse.com/security/cve/CVE-2017-5380"
},
{
"category": "external",
"summary": "SUSE Bug 1021819 for CVE-2017-5380",
"url": "https://bugzilla.suse.com/1021819"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5380",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5380"
},
{
"cve": "CVE-2017-5383",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5383"
}
],
"notes": [
{
"category": "general",
"text": "URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5383",
"url": "https://www.suse.com/security/cve/CVE-2017-5383"
},
{
"category": "external",
"summary": "SUSE Bug 1021822 for CVE-2017-5383",
"url": "https://bugzilla.suse.com/1021822"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5383",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5383"
},
{
"cve": "CVE-2017-5390",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5390"
}
],
"notes": [
{
"category": "general",
"text": "The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5390",
"url": "https://www.suse.com/security/cve/CVE-2017-5390"
},
{
"category": "external",
"summary": "SUSE Bug 1021820 for CVE-2017-5390",
"url": "https://bugzilla.suse.com/1021820"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5390",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5390"
},
{
"cve": "CVE-2017-5396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5396"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5396",
"url": "https://www.suse.com/security/cve/CVE-2017-5396"
},
{
"category": "external",
"summary": "SUSE Bug 1021821 for CVE-2017-5396",
"url": "https://bugzilla.suse.com/1021821"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5396",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5396"
},
{
"cve": "CVE-2017-5398",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5398"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 52, Firefox ESR \u003c 45.8, Thunderbird \u003c 52, and Thunderbird \u003c 45.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5398",
"url": "https://www.suse.com/security/cve/CVE-2017-5398"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5398",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5398",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5398"
},
{
"cve": "CVE-2017-5399",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5399"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5399",
"url": "https://www.suse.com/security/cve/CVE-2017-5399"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5399",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5399",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5399"
},
{
"cve": "CVE-2017-5400",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5400"
}
],
"notes": [
{
"category": "general",
"text": "JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox \u003c 52, Firefox ESR \u003c 45.8, Thunderbird \u003c 52, and Thunderbird \u003c 45.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5400",
"url": "https://www.suse.com/security/cve/CVE-2017-5400"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5400",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5400",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5400"
},
{
"cve": "CVE-2017-5401",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5401"
}
],
"notes": [
{
"category": "general",
"text": "A crash triggerable by web content in which an \"ErrorResult\" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox \u003c 52, Firefox ESR \u003c 45.8, Thunderbird \u003c 52, and Thunderbird \u003c 45.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5401",
"url": "https://www.suse.com/security/cve/CVE-2017-5401"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5401",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5401",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5401"
},
{
"cve": "CVE-2017-5402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5402"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free can occur when events are fired for a \"FontFace\" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 52, Firefox ESR \u003c 45.8, Thunderbird \u003c 52, and Thunderbird \u003c 45.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5402",
"url": "https://www.suse.com/security/cve/CVE-2017-5402"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5402",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5402",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5402"
},
{
"cve": "CVE-2017-5403",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5403"
}
],
"notes": [
{
"category": "general",
"text": "When adding a range to an object in the DOM, it is possible to use \"addRange\" to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5403",
"url": "https://www.suse.com/security/cve/CVE-2017-5403"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5403",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5403",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5403"
},
{
"cve": "CVE-2017-5404",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5404"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 52, Firefox ESR \u003c 45.8, Thunderbird \u003c 52, and Thunderbird \u003c 45.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5404",
"url": "https://www.suse.com/security/cve/CVE-2017-5404"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5404",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5404",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5404"
},
{
"cve": "CVE-2017-5405",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5405"
}
],
"notes": [
{
"category": "general",
"text": "Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox \u003c 52, Firefox ESR \u003c 45.8, Thunderbird \u003c 52, and Thunderbird \u003c 45.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5405",
"url": "https://www.suse.com/security/cve/CVE-2017-5405"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5405",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5405",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5405"
},
{
"cve": "CVE-2017-5406",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5406"
}
],
"notes": [
{
"category": "general",
"text": "A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5406",
"url": "https://www.suse.com/security/cve/CVE-2017-5406"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5406",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5406",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5406"
},
{
"cve": "CVE-2017-5407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5407"
}
],
"notes": [
{
"category": "general",
"text": "Using SVG filters that don\u0027t use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox \u003c 52, Firefox ESR \u003c 45.8, Thunderbird \u003c 52, and Thunderbird \u003c 45.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5407",
"url": "https://www.suse.com/security/cve/CVE-2017-5407"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5407",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5407",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5407"
},
{
"cve": "CVE-2017-5408",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5408"
}
],
"notes": [
{
"category": "general",
"text": "Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox \u003c 52, Firefox ESR \u003c 45.8, Thunderbird \u003c 52, and Thunderbird \u003c 45.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5408",
"url": "https://www.suse.com/security/cve/CVE-2017-5408"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5408",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5408",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5408"
},
{
"cve": "CVE-2017-5410",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5410"
}
],
"notes": [
{
"category": "general",
"text": "Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox \u003c 52, Firefox ESR \u003c 45.8, Thunderbird \u003c 52, and Thunderbird \u003c 45.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5410",
"url": "https://www.suse.com/security/cve/CVE-2017-5410"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5410",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5410",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5410"
},
{
"cve": "CVE-2017-5412",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5412"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5412",
"url": "https://www.suse.com/security/cve/CVE-2017-5412"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5412",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5412",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5412"
},
{
"cve": "CVE-2017-5413",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5413"
}
],
"notes": [
{
"category": "general",
"text": "A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5413",
"url": "https://www.suse.com/security/cve/CVE-2017-5413"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5413",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5413",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5413"
},
{
"cve": "CVE-2017-5414",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5414"
}
],
"notes": [
{
"category": "general",
"text": "The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5414",
"url": "https://www.suse.com/security/cve/CVE-2017-5414"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5414",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5414",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5414"
},
{
"cve": "CVE-2017-5416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5416"
}
],
"notes": [
{
"category": "general",
"text": "In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5416",
"url": "https://www.suse.com/security/cve/CVE-2017-5416"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5416",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5416",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5416"
},
{
"cve": "CVE-2017-5418",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5418"
}
],
"notes": [
{
"category": "general",
"text": "An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5418",
"url": "https://www.suse.com/security/cve/CVE-2017-5418"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5418",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5418",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5418"
},
{
"cve": "CVE-2017-5419",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5419"
}
],
"notes": [
{
"category": "general",
"text": "If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5419",
"url": "https://www.suse.com/security/cve/CVE-2017-5419"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5419",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5419",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5419"
},
{
"cve": "CVE-2017-5421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5421"
}
],
"notes": [
{
"category": "general",
"text": "A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5421",
"url": "https://www.suse.com/security/cve/CVE-2017-5421"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5421",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5421",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5421"
},
{
"cve": "CVE-2017-5422",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5422"
}
],
"notes": [
{
"category": "general",
"text": "If a malicious site uses the \"view-source:\" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making \"view-source:\" linkable. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5422",
"url": "https://www.suse.com/security/cve/CVE-2017-5422"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5422",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5422",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5422"
},
{
"cve": "CVE-2017-5426",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5426"
}
],
"notes": [
{
"category": "general",
"text": "On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox. Note: this issue only affects Linux. Other operating systems are not affected. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5426",
"url": "https://www.suse.com/security/cve/CVE-2017-5426"
},
{
"category": "external",
"summary": "SUSE Bug 1028391 for CVE-2017-5426",
"url": "https://bugzilla.suse.com/1028391"
},
{
"category": "external",
"summary": "SUSE Bug 1028393 for CVE-2017-5426",
"url": "https://bugzilla.suse.com/1028393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5426"
},
{
"cve": "CVE-2017-5429",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5429"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5429",
"url": "https://www.suse.com/security/cve/CVE-2017-5429"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5429",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5429",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5429"
},
{
"cve": "CVE-2017-5430",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5430"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5430",
"url": "https://www.suse.com/security/cve/CVE-2017-5430"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5430",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5430",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5430"
},
{
"cve": "CVE-2017-5432",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5432"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5432",
"url": "https://www.suse.com/security/cve/CVE-2017-5432"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5432",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5432",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5432"
},
{
"cve": "CVE-2017-5433",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5433"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5433",
"url": "https://www.suse.com/security/cve/CVE-2017-5433"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5433",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5433",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5433"
},
{
"cve": "CVE-2017-5434",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5434"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5434",
"url": "https://www.suse.com/security/cve/CVE-2017-5434"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5434",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5434",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5434"
},
{
"cve": "CVE-2017-5435",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5435"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5435",
"url": "https://www.suse.com/security/cve/CVE-2017-5435"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5435",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5435",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5435"
},
{
"cve": "CVE-2017-5436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5436"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5436",
"url": "https://www.suse.com/security/cve/CVE-2017-5436"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5436",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035204 for CVE-2017-5436",
"url": "https://bugzilla.suse.com/1035204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5436"
},
{
"cve": "CVE-2017-5437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5437"
}
],
"notes": [
{
"category": "general",
"text": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10195, CVE-2016-10196, CVE-2016-10197. Reason: This candidate is a duplicate of CVE-2016-10195, CVE-2016-10196, and CVE-2016-10197. Notes: All CVE users should reference CVE-2016-10195, CVE-2016-10196, and/or CVE-2016-10197 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5437",
"url": "https://www.suse.com/security/cve/CVE-2017-5437"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5437",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5437",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5437"
},
{
"cve": "CVE-2017-5438",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5438"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5438",
"url": "https://www.suse.com/security/cve/CVE-2017-5438"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5438",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5438",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5438"
},
{
"cve": "CVE-2017-5439",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5439"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5439",
"url": "https://www.suse.com/security/cve/CVE-2017-5439"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5439",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5439",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5439"
},
{
"cve": "CVE-2017-5440",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5440"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5440",
"url": "https://www.suse.com/security/cve/CVE-2017-5440"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5440",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5440",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5440"
},
{
"cve": "CVE-2017-5441",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5441"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5441",
"url": "https://www.suse.com/security/cve/CVE-2017-5441"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5441",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5441",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5441"
},
{
"cve": "CVE-2017-5442",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5442"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5442",
"url": "https://www.suse.com/security/cve/CVE-2017-5442"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5442",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5442",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5442"
},
{
"cve": "CVE-2017-5443",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5443"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5443",
"url": "https://www.suse.com/security/cve/CVE-2017-5443"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5443",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5443",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5443"
},
{
"cve": "CVE-2017-5444",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5444"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow vulnerability while parsing \"application/http-index-format\" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5444",
"url": "https://www.suse.com/security/cve/CVE-2017-5444"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5444",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5444",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5444"
},
{
"cve": "CVE-2017-5445",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5445"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability while parsing \"application/http-index-format\" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5445",
"url": "https://www.suse.com/security/cve/CVE-2017-5445"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5445",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5445",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5445"
},
{
"cve": "CVE-2017-5446",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5446"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read when an HTTP/2 connection to a servers sends \"DATA\" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5446",
"url": "https://www.suse.com/security/cve/CVE-2017-5446"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5446",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5446",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5446"
},
{
"cve": "CVE-2017-5447",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5447"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5447",
"url": "https://www.suse.com/security/cve/CVE-2017-5447"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5447",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5447",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5447"
},
{
"cve": "CVE-2017-5449",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5449"
}
],
"notes": [
{
"category": "general",
"text": "A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5449",
"url": "https://www.suse.com/security/cve/CVE-2017-5449"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5449",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5449",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5449"
},
{
"cve": "CVE-2017-5451",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5451"
}
],
"notes": [
{
"category": "general",
"text": "A mechanism to spoof the addressbar through the user interaction on the addressbar and the \"onblur\" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5451",
"url": "https://www.suse.com/security/cve/CVE-2017-5451"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5451",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5451",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5451"
},
{
"cve": "CVE-2017-5454",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5454"
}
],
"notes": [
{
"category": "general",
"text": "A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5454",
"url": "https://www.suse.com/security/cve/CVE-2017-5454"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5454",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5454",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-5454"
},
{
"cve": "CVE-2017-5459",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5459"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5459",
"url": "https://www.suse.com/security/cve/CVE-2017-5459"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5459",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5459",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5459"
},
{
"cve": "CVE-2017-5460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5460"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5460",
"url": "https://www.suse.com/security/cve/CVE-2017-5460"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5460",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5460",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5460"
},
{
"cve": "CVE-2017-5461",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5461"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5461",
"url": "https://www.suse.com/security/cve/CVE-2017-5461"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5461",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5461",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5461"
},
{
"cve": "CVE-2017-5462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5462"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5462",
"url": "https://www.suse.com/security/cve/CVE-2017-5462"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5462",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5462",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5462"
},
{
"cve": "CVE-2017-5464",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5464"
}
],
"notes": [
{
"category": "general",
"text": "During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5464",
"url": "https://www.suse.com/security/cve/CVE-2017-5464"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5464",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5464",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5464"
},
{
"cve": "CVE-2017-5465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5465"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read while processing SVG content in \"ConvolvePixel\". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5465",
"url": "https://www.suse.com/security/cve/CVE-2017-5465"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5465",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5465",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5465"
},
{
"cve": "CVE-2017-5466",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5466"
}
],
"notes": [
{
"category": "general",
"text": "If a page is loaded from an original site through a hyperlink and contains a redirect to a \"data:text/html\" URL, triggering a reload will run the reloaded \"data:text/html\" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5466",
"url": "https://www.suse.com/security/cve/CVE-2017-5466"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5466",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5466",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5466"
},
{
"cve": "CVE-2017-5467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5467"
}
],
"notes": [
{
"category": "general",
"text": "A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5467",
"url": "https://www.suse.com/security/cve/CVE-2017-5467"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5467",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5467",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5467"
},
{
"cve": "CVE-2017-5469",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5469"
}
],
"notes": [
{
"category": "general",
"text": "Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5469",
"url": "https://www.suse.com/security/cve/CVE-2017-5469"
},
{
"category": "external",
"summary": "SUSE Bug 1035082 for CVE-2017-5469",
"url": "https://bugzilla.suse.com/1035082"
},
{
"category": "external",
"summary": "SUSE Bug 1035209 for CVE-2017-5469",
"url": "https://bugzilla.suse.com/1035209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5469"
},
{
"cve": "CVE-2017-5470",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5470"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5470",
"url": "https://www.suse.com/security/cve/CVE-2017-5470"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-5470",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-5470",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-5470",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-5470",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-5470",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5470"
},
{
"cve": "CVE-2017-5472",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5472"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5472",
"url": "https://www.suse.com/security/cve/CVE-2017-5472"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-5472",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-5472",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-5472",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-5472",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-5472",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5472"
},
{
"cve": "CVE-2017-7749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7749"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7749",
"url": "https://www.suse.com/security/cve/CVE-2017-7749"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7749",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7749",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7749",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7749",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7749",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7749"
},
{
"cve": "CVE-2017-7750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7750"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability during video control operations when a \"\u003ctrack\u003e\" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7750",
"url": "https://www.suse.com/security/cve/CVE-2017-7750"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7750",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7750",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7750",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7750",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7750",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7750"
},
{
"cve": "CVE-2017-7751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7751"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7751",
"url": "https://www.suse.com/security/cve/CVE-2017-7751"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7751",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7751",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7751",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7751",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7751",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7751"
},
{
"cve": "CVE-2017-7752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7752"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7752",
"url": "https://www.suse.com/security/cve/CVE-2017-7752"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7752",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7752",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7752",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7752",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7752",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7752"
},
{
"cve": "CVE-2017-7753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7753"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7753",
"url": "https://www.suse.com/security/cve/CVE-2017-7753"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7753",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7753"
},
{
"cve": "CVE-2017-7754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7754"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read in WebGL with a maliciously crafted \"ImageInfo\" object during WebGL operations. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7754",
"url": "https://www.suse.com/security/cve/CVE-2017-7754"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7754",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7754",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7754",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7754",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7754",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7754"
},
{
"cve": "CVE-2017-7756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7756"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7756",
"url": "https://www.suse.com/security/cve/CVE-2017-7756"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7756",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7756",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7756",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7756",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7756",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7756"
},
{
"cve": "CVE-2017-7757",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7757"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7757",
"url": "https://www.suse.com/security/cve/CVE-2017-7757"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7757",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7757",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7757",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7757",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7757",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7757"
},
{
"cve": "CVE-2017-7758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7758"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7758",
"url": "https://www.suse.com/security/cve/CVE-2017-7758"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7758",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7758",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7758",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7758",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7758",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7758"
},
{
"cve": "CVE-2017-7763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7763"
}
],
"notes": [
{
"category": "general",
"text": "Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7763",
"url": "https://www.suse.com/security/cve/CVE-2017-7763"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7763",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7763",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7763",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7763",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7763",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7763"
},
{
"cve": "CVE-2017-7764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7764"
}
],
"notes": [
{
"category": "general",
"text": "Characters from the \"Canadian Syllabics\" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw \"punycode\" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from \"Aspirational Use Scripts\" such as Canadian Syllabics to be mixed with Latin characters in the \"moderately restrictive\" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as \"Limited Use Scripts.\". This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7764",
"url": "https://www.suse.com/security/cve/CVE-2017-7764"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7764",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7764",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7764",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7764",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7764",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7764"
},
{
"cve": "CVE-2017-7765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7765"
}
],
"notes": [
{
"category": "general",
"text": "The \"Mark of the Web\" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7765",
"url": "https://www.suse.com/security/cve/CVE-2017-7765"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7765",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7765",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7765",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7765",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7765",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7765"
},
{
"cve": "CVE-2017-7773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7773"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7773",
"url": "https://www.suse.com/security/cve/CVE-2017-7773"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7773",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7773",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7773",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7773",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7773",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7773"
},
{
"cve": "CVE-2017-7777",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7777"
}
],
"notes": [
{
"category": "general",
"text": "Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7777",
"url": "https://www.suse.com/security/cve/CVE-2017-7777"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7777",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7777",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7777",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7777",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7777",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7777"
},
{
"cve": "CVE-2017-7778",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7778"
}
],
"notes": [
{
"category": "general",
"text": "A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7778",
"url": "https://www.suse.com/security/cve/CVE-2017-7778"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7778",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7778",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7778",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7778",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7778",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7778"
},
{
"cve": "CVE-2017-7779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7779"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7779",
"url": "https://www.suse.com/security/cve/CVE-2017-7779"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7779",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7779"
},
{
"cve": "CVE-2017-7782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7782"
}
],
"notes": [
{
"category": "general",
"text": "An error in the \"WindowsDllDetourPatcher\" where a RWX (\"Read/Write/Execute\") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7782",
"url": "https://www.suse.com/security/cve/CVE-2017-7782"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7782",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-7782"
},
{
"cve": "CVE-2017-7784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7784"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7784",
"url": "https://www.suse.com/security/cve/CVE-2017-7784"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7784",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7784"
},
{
"cve": "CVE-2017-7785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7785"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7785",
"url": "https://www.suse.com/security/cve/CVE-2017-7785"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7785",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7785"
},
{
"cve": "CVE-2017-7786",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7786"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7786",
"url": "https://www.suse.com/security/cve/CVE-2017-7786"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7786",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7786"
},
{
"cve": "CVE-2017-7787",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7787"
}
],
"notes": [
{
"category": "general",
"text": "Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7787",
"url": "https://www.suse.com/security/cve/CVE-2017-7787"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7787",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7787"
},
{
"cve": "CVE-2017-7791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7791"
}
],
"notes": [
{
"category": "general",
"text": "On pages containing an iframe, the \"data:\" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7791",
"url": "https://www.suse.com/security/cve/CVE-2017-7791"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7791",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7791"
},
{
"cve": "CVE-2017-7792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7792"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7792",
"url": "https://www.suse.com/security/cve/CVE-2017-7792"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7792",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7792"
},
{
"cve": "CVE-2017-7793",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7793"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox \u003c 56, Firefox ESR \u003c 52.4, and Thunderbird \u003c 52.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7793",
"url": "https://www.suse.com/security/cve/CVE-2017-7793"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7793",
"url": "https://bugzilla.suse.com/1060445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7793"
},
{
"cve": "CVE-2017-7798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7798"
}
],
"notes": [
{
"category": "general",
"text": "The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR \u003c 52.3 and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7798",
"url": "https://www.suse.com/security/cve/CVE-2017-7798"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7798",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7798"
},
{
"cve": "CVE-2017-7800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7800"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7800",
"url": "https://www.suse.com/security/cve/CVE-2017-7800"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7800",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7800"
},
{
"cve": "CVE-2017-7801",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7801"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur while re-computing layout for a \"marquee\" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7801",
"url": "https://www.suse.com/security/cve/CVE-2017-7801"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7801",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7801"
},
{
"cve": "CVE-2017-7802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7802"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7802",
"url": "https://www.suse.com/security/cve/CVE-2017-7802"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7802",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7802"
},
{
"cve": "CVE-2017-7803",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7803"
}
],
"notes": [
{
"category": "general",
"text": "When a page\u0027s content security policy (CSP) header contains a \"sandbox\" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7803",
"url": "https://www.suse.com/security/cve/CVE-2017-7803"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7803",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7803"
},
{
"cve": "CVE-2017-7804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7804"
}
],
"notes": [
{
"category": "general",
"text": "The destructor function for the \"WindowsDllDetourPatcher\" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7804",
"url": "https://www.suse.com/security/cve/CVE-2017-7804"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7804",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7804"
},
{
"cve": "CVE-2017-7805",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7805"
}
],
"notes": [
{
"category": "general",
"text": "During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox \u003c 56, Firefox ESR \u003c 52.4, and Thunderbird \u003c 52.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7805",
"url": "https://www.suse.com/security/cve/CVE-2017-7805"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7805",
"url": "https://bugzilla.suse.com/1060445"
},
{
"category": "external",
"summary": "SUSE Bug 1061005 for CVE-2017-7805",
"url": "https://bugzilla.suse.com/1061005"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7805"
},
{
"cve": "CVE-2017-7807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7807"
}
],
"notes": [
{
"category": "general",
"text": "A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7807",
"url": "https://www.suse.com/security/cve/CVE-2017-7807"
},
{
"category": "external",
"summary": "SUSE Bug 1052829 for CVE-2017-7807",
"url": "https://bugzilla.suse.com/1052829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7807"
},
{
"cve": "CVE-2017-7810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7810"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 56, Firefox ESR \u003c 52.4, and Thunderbird \u003c 52.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7810",
"url": "https://www.suse.com/security/cve/CVE-2017-7810"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7810",
"url": "https://bugzilla.suse.com/1060445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7810"
},
{
"cve": "CVE-2017-7814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7814"
}
],
"notes": [
{
"category": "general",
"text": "File downloads encoded with \"blob:\" and \"data:\" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox \u003c 56, Firefox ESR \u003c 52.4, and Thunderbird \u003c 52.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7814",
"url": "https://www.suse.com/security/cve/CVE-2017-7814"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7814",
"url": "https://bugzilla.suse.com/1060445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7814"
},
{
"cve": "CVE-2017-7818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7818"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 56, Firefox ESR \u003c 52.4, and Thunderbird \u003c 52.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7818",
"url": "https://www.suse.com/security/cve/CVE-2017-7818"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7818",
"url": "https://bugzilla.suse.com/1060445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7818"
},
{
"cve": "CVE-2017-7819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7819"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 56, Firefox ESR \u003c 52.4, and Thunderbird \u003c 52.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7819",
"url": "https://www.suse.com/security/cve/CVE-2017-7819"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7819",
"url": "https://bugzilla.suse.com/1060445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7819"
},
{
"cve": "CVE-2017-7823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7823"
}
],
"notes": [
{
"category": "general",
"text": "The content security policy (CSP) \"sandbox\" directive did not create a unique origin for the document, causing it to behave as if the \"allow-same-origin\" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox \u003c 56, Firefox ESR \u003c 52.4, and Thunderbird \u003c 52.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7823",
"url": "https://www.suse.com/security/cve/CVE-2017-7823"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7823",
"url": "https://bugzilla.suse.com/1060445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7823"
},
{
"cve": "CVE-2017-7824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7824"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 56, Firefox ESR \u003c 52.4, and Thunderbird \u003c 52.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7824",
"url": "https://www.suse.com/security/cve/CVE-2017-7824"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7824",
"url": "https://bugzilla.suse.com/1060445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7824"
},
{
"cve": "CVE-2017-7825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7825"
}
],
"notes": [
{
"category": "general",
"text": "Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox \u003c 56, Firefox ESR \u003c 52.4, and Thunderbird \u003c 52.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7825",
"url": "https://www.suse.com/security/cve/CVE-2017-7825"
},
{
"category": "external",
"summary": "SUSE Bug 1060445 for CVE-2017-7825",
"url": "https://bugzilla.suse.com/1060445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7825"
},
{
"cve": "CVE-2017-7826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7826"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 57, Firefox ESR \u003c 52.5, and Thunderbird \u003c 52.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7826",
"url": "https://www.suse.com/security/cve/CVE-2017-7826"
},
{
"category": "external",
"summary": "SUSE Bug 1068101 for CVE-2017-7826",
"url": "https://bugzilla.suse.com/1068101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7826"
},
{
"cve": "CVE-2017-7828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7828"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when flushing and resizing layout because the \"PressShell\" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox \u003c 57, Firefox ESR \u003c 52.5, and Thunderbird \u003c 52.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7828",
"url": "https://www.suse.com/security/cve/CVE-2017-7828"
},
{
"category": "external",
"summary": "SUSE Bug 1068101 for CVE-2017-7828",
"url": "https://bugzilla.suse.com/1068101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7828"
},
{
"cve": "CVE-2017-7829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7829"
}
],
"notes": [
{
"category": "general",
"text": "It is possible to spoof the sender\u0027s email address and display an arbitrary sender address to the email recipient. The real sender\u0027s address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird \u003c 52.5.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7829",
"url": "https://www.suse.com/security/cve/CVE-2017-7829"
},
{
"category": "external",
"summary": "SUSE Bug 1071236 for CVE-2017-7829",
"url": "https://bugzilla.suse.com/1071236"
},
{
"category": "external",
"summary": "SUSE Bug 1074046 for CVE-2017-7829",
"url": "https://bugzilla.suse.com/1074046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-7829"
},
{
"cve": "CVE-2017-7830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7830"
}
],
"notes": [
{
"category": "general",
"text": "The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox \u003c 57, Firefox ESR \u003c 52.5, and Thunderbird \u003c 52.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7830",
"url": "https://www.suse.com/security/cve/CVE-2017-7830"
},
{
"category": "external",
"summary": "SUSE Bug 1068101 for CVE-2017-7830",
"url": "https://bugzilla.suse.com/1068101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7830"
},
{
"cve": "CVE-2017-7845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7845"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird \u003c 52.5.2, Firefox ESR \u003c 52.5.2, and Firefox \u003c 57.0.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7845",
"url": "https://www.suse.com/security/cve/CVE-2017-7845"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2017-7845"
},
{
"cve": "CVE-2017-7846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7846"
}
],
"notes": [
{
"category": "general",
"text": "It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via \"View -\u003e Feed article -\u003e Website\" or in the standard format of \"View -\u003e Feed article -\u003e default format\". This vulnerability affects Thunderbird \u003c 52.5.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7846",
"url": "https://www.suse.com/security/cve/CVE-2017-7846"
},
{
"category": "external",
"summary": "SUSE Bug 1074043 for CVE-2017-7846",
"url": "https://bugzilla.suse.com/1074043"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7846"
},
{
"cve": "CVE-2017-7847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7847"
}
],
"notes": [
{
"category": "general",
"text": "Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird \u003c 52.5.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7847",
"url": "https://www.suse.com/security/cve/CVE-2017-7847"
},
{
"category": "external",
"summary": "SUSE Bug 1074044 for CVE-2017-7847",
"url": "https://bugzilla.suse.com/1074044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-7847"
},
{
"cve": "CVE-2017-7848",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7848"
}
],
"notes": [
{
"category": "general",
"text": "RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird \u003c 52.5.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7848",
"url": "https://www.suse.com/security/cve/CVE-2017-7848"
},
{
"category": "external",
"summary": "SUSE Bug 1074045 for CVE-2017-7848",
"url": "https://bugzilla.suse.com/1074045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-7848"
},
{
"cve": "CVE-2018-12359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12359"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12359",
"url": "https://www.suse.com/security/cve/CVE-2018-12359"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12359",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12359"
},
{
"cve": "CVE-2018-12360",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12360"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12360",
"url": "https://www.suse.com/security/cve/CVE-2018-12360"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12360",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12360"
},
{
"cve": "CVE-2018-12361",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12361"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12361",
"url": "https://www.suse.com/security/cve/CVE-2018-12361"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12361",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12361"
},
{
"cve": "CVE-2018-12362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12362"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12362",
"url": "https://www.suse.com/security/cve/CVE-2018-12362"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12362",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12362"
},
{
"cve": "CVE-2018-12363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12363"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12363",
"url": "https://www.suse.com/security/cve/CVE-2018-12363"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12363",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12363"
},
{
"cve": "CVE-2018-12364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12364"
}
],
"notes": [
{
"category": "general",
"text": "NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12364",
"url": "https://www.suse.com/security/cve/CVE-2018-12364"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12364",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12364"
},
{
"cve": "CVE-2018-12365",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12365"
}
],
"notes": [
{
"category": "general",
"text": "A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12365",
"url": "https://www.suse.com/security/cve/CVE-2018-12365"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12365",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12365"
},
{
"cve": "CVE-2018-12366",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12366"
}
],
"notes": [
{
"category": "general",
"text": "An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12366",
"url": "https://www.suse.com/security/cve/CVE-2018-12366"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12366",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12366"
},
{
"cve": "CVE-2018-12367",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12367"
}
],
"notes": [
{
"category": "general",
"text": "In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12367",
"url": "https://www.suse.com/security/cve/CVE-2018-12367"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12367",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12367"
},
{
"cve": "CVE-2018-12371",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12371"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 60.1, Thunderbird \u003c 60, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12371",
"url": "https://www.suse.com/security/cve/CVE-2018-12371"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12371",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12371"
},
{
"cve": "CVE-2018-12372",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12372"
}
],
"notes": [
{
"category": "general",
"text": "Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird \u003c 52.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12372",
"url": "https://www.suse.com/security/cve/CVE-2018-12372"
},
{
"category": "external",
"summary": "SUSE Bug 1100082 for CVE-2018-12372",
"url": "https://bugzilla.suse.com/1100082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-12372"
},
{
"cve": "CVE-2018-12373",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12373"
}
],
"notes": [
{
"category": "general",
"text": "dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird \u003c 52.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12373",
"url": "https://www.suse.com/security/cve/CVE-2018-12373"
},
{
"category": "external",
"summary": "SUSE Bug 1100079 for CVE-2018-12373",
"url": "https://bugzilla.suse.com/1100079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-12373"
},
{
"cve": "CVE-2018-12374",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12374"
}
],
"notes": [
{
"category": "general",
"text": "Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulnerability affects Thunderbird \u003c 52.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12374",
"url": "https://www.suse.com/security/cve/CVE-2018-12374"
},
{
"category": "external",
"summary": "SUSE Bug 1100081 for CVE-2018-12374",
"url": "https://bugzilla.suse.com/1100081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-12374"
},
{
"cve": "CVE-2018-12376",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12376"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2, and Thunderbird \u003c 60.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12376",
"url": "https://www.suse.com/security/cve/CVE-2018-12376"
},
{
"category": "external",
"summary": "SUSE Bug 1107343 for CVE-2018-12376",
"url": "https://bugzilla.suse.com/1107343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12376"
},
{
"cve": "CVE-2018-12377",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12377"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2, and Thunderbird \u003c 60.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12377",
"url": "https://www.suse.com/security/cve/CVE-2018-12377"
},
{
"category": "external",
"summary": "SUSE Bug 1107343 for CVE-2018-12377",
"url": "https://bugzilla.suse.com/1107343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12377"
},
{
"cve": "CVE-2018-12378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12378"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2, and Thunderbird \u003c 60.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12378",
"url": "https://www.suse.com/security/cve/CVE-2018-12378"
},
{
"category": "external",
"summary": "SUSE Bug 1107343 for CVE-2018-12378",
"url": "https://bugzilla.suse.com/1107343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12378"
},
{
"cve": "CVE-2018-12383",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12383"
}
],
"notes": [
{
"category": "general",
"text": "If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2.1, and Thunderbird \u003c 60.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12383",
"url": "https://www.suse.com/security/cve/CVE-2018-12383"
},
{
"category": "external",
"summary": "SUSE Bug 1107343 for CVE-2018-12383",
"url": "https://bugzilla.suse.com/1107343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12383"
},
{
"cve": "CVE-2018-12385",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12385"
}
],
"notes": [
{
"category": "general",
"text": "A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird \u003c 60.2.1, Firefox ESR \u003c 60.2.1, and Firefox \u003c 62.0.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12385",
"url": "https://www.suse.com/security/cve/CVE-2018-12385"
},
{
"category": "external",
"summary": "SUSE Bug 1109363 for CVE-2018-12385",
"url": "https://bugzilla.suse.com/1109363"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-12385"
},
{
"cve": "CVE-2018-12389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12389"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.3 and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12389",
"url": "https://www.suse.com/security/cve/CVE-2018-12389"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12389",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12389"
},
{
"cve": "CVE-2018-12390",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12390"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12390",
"url": "https://www.suse.com/security/cve/CVE-2018-12390"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12390",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12390"
},
{
"cve": "CVE-2018-12391",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12391"
}
],
"notes": [
{
"category": "general",
"text": "During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12391",
"url": "https://www.suse.com/security/cve/CVE-2018-12391"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12391",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12391"
},
{
"cve": "CVE-2018-12392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12392"
}
],
"notes": [
{
"category": "general",
"text": "When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12392",
"url": "https://www.suse.com/security/cve/CVE-2018-12392"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12392",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12392"
},
{
"cve": "CVE-2018-12393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12393"
}
],
"notes": [
{
"category": "general",
"text": "A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12393",
"url": "https://www.suse.com/security/cve/CVE-2018-12393"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12393",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12393"
},
{
"cve": "CVE-2018-12405",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12405"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12405",
"url": "https://www.suse.com/security/cve/CVE-2018-12405"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-12405",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-12405",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-12405",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12405"
},
{
"cve": "CVE-2018-17466",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17466"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17466",
"url": "https://www.suse.com/security/cve/CVE-2018-17466"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17466",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17466",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-17466",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-17466"
},
{
"cve": "CVE-2018-18335",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18335"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18335",
"url": "https://www.suse.com/security/cve/CVE-2018-18335"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18335",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18335",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18335"
},
{
"cve": "CVE-2018-18356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18356"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18356",
"url": "https://www.suse.com/security/cve/CVE-2018-18356"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1125330"
},
{
"category": "external",
"summary": "SUSE Bug 1125396 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1125396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18356"
},
{
"cve": "CVE-2018-18492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18492"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18492",
"url": "https://www.suse.com/security/cve/CVE-2018-18492"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-18492",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18492",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-18492",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18492"
},
{
"cve": "CVE-2018-18493",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18493"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18493",
"url": "https://www.suse.com/security/cve/CVE-2018-18493"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-18493",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18493",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-18493",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18493"
},
{
"cve": "CVE-2018-18494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18494"
}
],
"notes": [
{
"category": "general",
"text": "A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18494",
"url": "https://www.suse.com/security/cve/CVE-2018-18494"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-18494",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18494",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-18494",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18494"
},
{
"cve": "CVE-2018-18498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18498"
}
],
"notes": [
{
"category": "general",
"text": "A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18498",
"url": "https://www.suse.com/security/cve/CVE-2018-18498"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-18498",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18498",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-18498",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18498"
},
{
"cve": "CVE-2018-18500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18500"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.5, Firefox ESR \u003c 60.5, and Firefox \u003c 65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18500",
"url": "https://www.suse.com/security/cve/CVE-2018-18500"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2018-18500",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2018-18500",
"url": "https://bugzilla.suse.com/986639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18500"
},
{
"cve": "CVE-2018-18501",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18501"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60.5, Firefox ESR \u003c 60.5, and Firefox \u003c 65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18501",
"url": "https://www.suse.com/security/cve/CVE-2018-18501"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2018-18501",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2018-18501",
"url": "https://bugzilla.suse.com/986639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18501"
},
{
"cve": "CVE-2018-18505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18505"
}
],
"notes": [
{
"category": "general",
"text": "An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird \u003c 60.5, Firefox ESR \u003c 60.5, and Firefox \u003c 65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18505",
"url": "https://www.suse.com/security/cve/CVE-2018-18505"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2018-18505",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2018-18505",
"url": "https://bugzilla.suse.com/986639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18505"
},
{
"cve": "CVE-2018-18509",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18509"
}
],
"notes": [
{
"category": "general",
"text": "A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren\u0027t covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with arbitrary content. This vulnerability affects Thunderbird \u003c 60.5.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18509",
"url": "https://www.suse.com/security/cve/CVE-2018-18509"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18509",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-18509"
},
{
"cve": "CVE-2018-18511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18511"
}
],
"notes": [
{
"category": "general",
"text": "Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox \u003c 65.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18511",
"url": "https://www.suse.com/security/cve/CVE-2018-18511"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18511",
"url": "https://bugzilla.suse.com/1125330"
},
{
"category": "external",
"summary": "SUSE Bug 1125396 for CVE-2018-18511",
"url": "https://bugzilla.suse.com/1125396"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2018-18511",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-18511"
},
{
"cve": "CVE-2018-5089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5089"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5089",
"url": "https://www.suse.com/security/cve/CVE-2018-5089"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5089",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5089"
},
{
"cve": "CVE-2018-5095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5095"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5095",
"url": "https://www.suse.com/security/cve/CVE-2018-5095"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5095",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5095"
},
{
"cve": "CVE-2018-5096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5096"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 52.6 and Thunderbird \u003c 52.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5096",
"url": "https://www.suse.com/security/cve/CVE-2018-5096"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5096",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5096"
},
{
"cve": "CVE-2018-5097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5097"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5097",
"url": "https://www.suse.com/security/cve/CVE-2018-5097"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5097",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5097"
},
{
"cve": "CVE-2018-5098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5098"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5098",
"url": "https://www.suse.com/security/cve/CVE-2018-5098"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5098",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5098"
},
{
"cve": "CVE-2018-5099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5099"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5099",
"url": "https://www.suse.com/security/cve/CVE-2018-5099"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5099",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5099"
},
{
"cve": "CVE-2018-5102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5102"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5102",
"url": "https://www.suse.com/security/cve/CVE-2018-5102"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5102",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5102"
},
{
"cve": "CVE-2018-5103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5103"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5103",
"url": "https://www.suse.com/security/cve/CVE-2018-5103"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5103",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5103"
},
{
"cve": "CVE-2018-5104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5104"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5104",
"url": "https://www.suse.com/security/cve/CVE-2018-5104"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5104",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5104"
},
{
"cve": "CVE-2018-5117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5117"
}
],
"notes": [
{
"category": "general",
"text": "If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird \u003c 52.6, Firefox ESR \u003c 52.6, and Firefox \u003c 58.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5117",
"url": "https://www.suse.com/security/cve/CVE-2018-5117"
},
{
"category": "external",
"summary": "SUSE Bug 1077291 for CVE-2018-5117",
"url": "https://bugzilla.suse.com/1077291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5117"
},
{
"cve": "CVE-2018-5125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5125"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5125",
"url": "https://www.suse.com/security/cve/CVE-2018-5125"
},
{
"category": "external",
"summary": "SUSE Bug 1085130 for CVE-2018-5125",
"url": "https://bugzilla.suse.com/1085130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5125"
},
{
"cve": "CVE-2018-5127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5127"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow can occur when manipulating the SVG \"animatedPathSegList\" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5127",
"url": "https://www.suse.com/security/cve/CVE-2018-5127"
},
{
"category": "external",
"summary": "SUSE Bug 1085130 for CVE-2018-5127",
"url": "https://bugzilla.suse.com/1085130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5127"
},
{
"cve": "CVE-2018-5129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5129"
}
],
"notes": [
{
"category": "general",
"text": "A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird \u003c 52.7, Firefox ESR \u003c 52.7, and Firefox \u003c 59.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5129",
"url": "https://www.suse.com/security/cve/CVE-2018-5129"
},
{
"category": "external",
"summary": "SUSE Bug 1085130 for CVE-2018-5129",
"url": "https://bugzilla.suse.com/1085130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5129"
},
{
"cve": "CVE-2018-5144",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5144"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR \u003c 52.7 and Thunderbird \u003c 52.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5144",
"url": "https://www.suse.com/security/cve/CVE-2018-5144"
},
{
"category": "external",
"summary": "SUSE Bug 1085130 for CVE-2018-5144",
"url": "https://bugzilla.suse.com/1085130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5144"
},
{
"cve": "CVE-2018-5145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5145"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 52.7 and Thunderbird \u003c 52.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5145",
"url": "https://www.suse.com/security/cve/CVE-2018-5145"
},
{
"category": "external",
"summary": "SUSE Bug 1085130 for CVE-2018-5145",
"url": "https://bugzilla.suse.com/1085130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5145"
},
{
"cve": "CVE-2018-5146",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5146"
}
],
"notes": [
{
"category": "general",
"text": "An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox \u003c 59.0.1, Firefox ESR \u003c 52.7.2, and Thunderbird \u003c 52.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5146",
"url": "https://www.suse.com/security/cve/CVE-2018-5146"
},
{
"category": "external",
"summary": "SUSE Bug 1085671 for CVE-2018-5146",
"url": "https://bugzilla.suse.com/1085671"
},
{
"category": "external",
"summary": "SUSE Bug 1085687 for CVE-2018-5146",
"url": "https://bugzilla.suse.com/1085687"
},
{
"category": "external",
"summary": "SUSE Bug 1180395 for CVE-2018-5146",
"url": "https://bugzilla.suse.com/1180395"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5146"
},
{
"cve": "CVE-2018-5150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5150"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.8, Thunderbird ESR \u003c 52.8, Firefox \u003c 60, and Firefox ESR \u003c 52.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5150",
"url": "https://www.suse.com/security/cve/CVE-2018-5150"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5150",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5150",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5150",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5150",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5150",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5150",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5150",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5150"
},
{
"cve": "CVE-2018-5154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5154"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.8, Thunderbird ESR \u003c 52.8, Firefox \u003c 60, and Firefox ESR \u003c 52.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5154",
"url": "https://www.suse.com/security/cve/CVE-2018-5154"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5154",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5154",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5154",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5154",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5154",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5154",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5154",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5154"
},
{
"cve": "CVE-2018-5155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5155"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.8, Thunderbird ESR \u003c 52.8, Firefox \u003c 60, and Firefox ESR \u003c 52.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5155",
"url": "https://www.suse.com/security/cve/CVE-2018-5155"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5155",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5155",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5155",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5155",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5155",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5155",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5155",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5155"
},
{
"cve": "CVE-2018-5156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5156"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5156",
"url": "https://www.suse.com/security/cve/CVE-2018-5156"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-5156",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5156"
},
{
"cve": "CVE-2018-5159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5159"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird \u003c 52.8, Thunderbird ESR \u003c 52.8, Firefox \u003c 60, and Firefox ESR \u003c 52.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5159",
"url": "https://www.suse.com/security/cve/CVE-2018-5159"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5159",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5159",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5159",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5159",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5159",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5159",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5159",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5159"
},
{
"cve": "CVE-2018-5161",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5161"
}
],
"notes": [
{
"category": "general",
"text": "Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR \u003c 52.8 and Thunderbird \u003c 52.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5161",
"url": "https://www.suse.com/security/cve/CVE-2018-5161"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5161",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5161",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5161",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5161",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5161",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5161",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5161",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5161"
},
{
"cve": "CVE-2018-5162",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5162"
}
],
"notes": [
{
"category": "general",
"text": "Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR \u003c 52.8 and Thunderbird \u003c 52.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5162",
"url": "https://www.suse.com/security/cve/CVE-2018-5162"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5162",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5162",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093151 for CVE-2018-5162",
"url": "https://bugzilla.suse.com/1093151"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5162",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5162",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5162",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5162",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5162",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5162"
},
{
"cve": "CVE-2018-5168",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5168"
}
],
"notes": [
{
"category": "general",
"text": "Sites can bypass security checks on permissions to install lightweight themes by manipulating the \"baseURI\" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird \u003c 52.8, Thunderbird ESR \u003c 52.8, Firefox \u003c 60, and Firefox ESR \u003c 52.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5168",
"url": "https://www.suse.com/security/cve/CVE-2018-5168"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5168",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5168",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5168",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5168",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5168",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5168",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5168",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5168"
},
{
"cve": "CVE-2018-5170",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5170"
}
],
"notes": [
{
"category": "general",
"text": "It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR \u003c 52.8 and Thunderbird \u003c 52.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5170",
"url": "https://www.suse.com/security/cve/CVE-2018-5170"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5170",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5170",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5170",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5170",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5170",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5170",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5170",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5170"
},
{
"cve": "CVE-2018-5174",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5174"
}
],
"notes": [
{
"category": "general",
"text": "In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the \"SEE_MASK_FLAG_NO_UI\" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened because Windows won\u0027t prompt the user to ask what to do. Firefox incorrectly sets this flag when downloading files, leading to less secure behavior from SmartScreen. Note: this issue only affects Windows 10 users running the April 2018 update or later. It does not affect other Windows users or other operating systems. This vulnerability affects Thunderbird \u003c 52.8, Thunderbird ESR \u003c 52.8, Firefox \u003c 60, and Firefox ESR \u003c 52.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5174",
"url": "https://www.suse.com/security/cve/CVE-2018-5174"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5174",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5174",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5174",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5174",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5174",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5174",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5174",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5174"
},
{
"cve": "CVE-2018-5178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5178"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR \u003c 52.8, Thunderbird \u003c 52.8, and Firefox ESR \u003c 52.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5178",
"url": "https://www.suse.com/security/cve/CVE-2018-5178"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5178",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5178",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5178",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5178",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5178",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5178",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5178",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5178"
},
{
"cve": "CVE-2018-5183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5183"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR \u003c 52.8, Thunderbird \u003c 52.8, and Firefox ESR \u003c 52.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5183",
"url": "https://www.suse.com/security/cve/CVE-2018-5183"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5183",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5183",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5183",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5183",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5183",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5183",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5183",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5183"
},
{
"cve": "CVE-2018-5184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5184"
}
],
"notes": [
{
"category": "general",
"text": "Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR \u003c 52.8 and Thunderbird \u003c 52.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5184",
"url": "https://www.suse.com/security/cve/CVE-2018-5184"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5184",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5184",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093152 for CVE-2018-5184",
"url": "https://bugzilla.suse.com/1093152"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5184",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5184",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5184",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5184",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5184",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5184"
},
{
"cve": "CVE-2018-5185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5185"
}
],
"notes": [
{
"category": "general",
"text": "Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR \u003c 52.8 and Thunderbird \u003c 52.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5185",
"url": "https://www.suse.com/security/cve/CVE-2018-5185"
},
{
"category": "external",
"summary": "SUSE Bug 1092548 for CVE-2018-5185",
"url": "https://bugzilla.suse.com/1092548"
},
{
"category": "external",
"summary": "SUSE Bug 1092611 for CVE-2018-5185",
"url": "https://bugzilla.suse.com/1092611"
},
{
"category": "external",
"summary": "SUSE Bug 1093151 for CVE-2018-5185",
"url": "https://bugzilla.suse.com/1093151"
},
{
"category": "external",
"summary": "SUSE Bug 1093969 for CVE-2018-5185",
"url": "https://bugzilla.suse.com/1093969"
},
{
"category": "external",
"summary": "SUSE Bug 1093970 for CVE-2018-5185",
"url": "https://bugzilla.suse.com/1093970"
},
{
"category": "external",
"summary": "SUSE Bug 1093971 for CVE-2018-5185",
"url": "https://bugzilla.suse.com/1093971"
},
{
"category": "external",
"summary": "SUSE Bug 1093972 for CVE-2018-5185",
"url": "https://bugzilla.suse.com/1093972"
},
{
"category": "external",
"summary": "SUSE Bug 1093973 for CVE-2018-5185",
"url": "https://bugzilla.suse.com/1093973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5185"
},
{
"cve": "CVE-2018-5187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5187"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5187",
"url": "https://www.suse.com/security/cve/CVE-2018-5187"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-5187",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5187"
},
{
"cve": "CVE-2018-5188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5188"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5188",
"url": "https://www.suse.com/security/cve/CVE-2018-5188"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-5188",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5188"
},
{
"cve": "CVE-2019-11691",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11691"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11691",
"url": "https://www.suse.com/security/cve/CVE-2019-11691"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11691",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11691"
},
{
"cve": "CVE-2019-11692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11692"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11692",
"url": "https://www.suse.com/security/cve/CVE-2019-11692"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11692",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11692"
},
{
"cve": "CVE-2019-11693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11693"
}
],
"notes": [
{
"category": "general",
"text": "The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11693",
"url": "https://www.suse.com/security/cve/CVE-2019-11693"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11693",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11693"
},
{
"cve": "CVE-2019-11694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11694"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11694",
"url": "https://www.suse.com/security/cve/CVE-2019-11694"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11694",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11694"
},
{
"cve": "CVE-2019-11698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11698"
}
],
"notes": [
{
"category": "general",
"text": "If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user\u0027s browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11698",
"url": "https://www.suse.com/security/cve/CVE-2019-11698"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11698",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11698"
},
{
"cve": "CVE-2019-11703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11703"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Thunderbird\u0027s implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11703",
"url": "https://www.suse.com/security/cve/CVE-2019-11703"
},
{
"category": "external",
"summary": "SUSE Bug 1137595 for CVE-2019-11703",
"url": "https://bugzilla.suse.com/1137595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-11703"
},
{
"cve": "CVE-2019-11704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11704"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Thunderbird\u0027s implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11704",
"url": "https://www.suse.com/security/cve/CVE-2019-11704"
},
{
"category": "external",
"summary": "SUSE Bug 1137595 for CVE-2019-11704",
"url": "https://bugzilla.suse.com/1137595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-11704"
},
{
"cve": "CVE-2019-11705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11705"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Thunderbird\u0027s implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11705",
"url": "https://www.suse.com/security/cve/CVE-2019-11705"
},
{
"category": "external",
"summary": "SUSE Bug 1137595 for CVE-2019-11705",
"url": "https://bugzilla.suse.com/1137595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-11705"
},
{
"cve": "CVE-2019-11706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11706"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Thunderbird\u0027s implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird \u003c 60.7.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11706",
"url": "https://www.suse.com/security/cve/CVE-2019-11706"
},
{
"category": "external",
"summary": "SUSE Bug 1137595 for CVE-2019-11706",
"url": "https://bugzilla.suse.com/1137595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-11706"
},
{
"cve": "CVE-2019-11707",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11707"
}
],
"notes": [
{
"category": "general",
"text": "A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR \u003c 60.7.1, Firefox \u003c 67.0.3, and Thunderbird \u003c 60.7.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11707",
"url": "https://www.suse.com/security/cve/CVE-2019-11707"
},
{
"category": "external",
"summary": "SUSE Bug 1138614 for CVE-2019-11707",
"url": "https://bugzilla.suse.com/1138614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11707"
},
{
"cve": "CVE-2019-11708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11708"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user\u0027s computer. This vulnerability affects Firefox ESR \u003c 60.7.2, Firefox \u003c 67.0.4, and Thunderbird \u003c 60.7.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11708",
"url": "https://www.suse.com/security/cve/CVE-2019-11708"
},
{
"category": "external",
"summary": "SUSE Bug 1138872 for CVE-2019-11708",
"url": "https://bugzilla.suse.com/1138872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-11708"
},
{
"cve": "CVE-2019-11709",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11709"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11709",
"url": "https://www.suse.com/security/cve/CVE-2019-11709"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11709",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11709"
},
{
"cve": "CVE-2019-11711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11711"
}
],
"notes": [
{
"category": "general",
"text": "When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11711",
"url": "https://www.suse.com/security/cve/CVE-2019-11711"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11711",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11711"
},
{
"cve": "CVE-2019-11712",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11712"
}
],
"notes": [
{
"category": "general",
"text": "POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11712",
"url": "https://www.suse.com/security/cve/CVE-2019-11712"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11712",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11712"
},
{
"cve": "CVE-2019-11713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11713"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11713",
"url": "https://www.suse.com/security/cve/CVE-2019-11713"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11713",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11713"
},
{
"cve": "CVE-2019-11715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11715"
}
],
"notes": [
{
"category": "general",
"text": "Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11715",
"url": "https://www.suse.com/security/cve/CVE-2019-11715"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11715",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11715"
},
{
"cve": "CVE-2019-11717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11717"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability exists where the caret (\"^\") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11717",
"url": "https://www.suse.com/security/cve/CVE-2019-11717"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11717",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11717"
},
{
"cve": "CVE-2019-11719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11719"
}
],
"notes": [
{
"category": "general",
"text": "When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11719",
"url": "https://www.suse.com/security/cve/CVE-2019-11719"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11719",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11719"
},
{
"cve": "CVE-2019-11729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11729"
}
],
"notes": [
{
"category": "general",
"text": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11729",
"url": "https://www.suse.com/security/cve/CVE-2019-11729"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11729",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11729"
},
{
"cve": "CVE-2019-11730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11730"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may uploaded to a server. It was demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they opened that attachment in Firefox, due to that app\u0027s predictable pattern for locally-saved file names, it is possible to read attachments the victim received from other correspondents. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11730",
"url": "https://www.suse.com/security/cve/CVE-2019-11730"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-11730",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11730"
},
{
"cve": "CVE-2019-11739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11739"
}
],
"notes": [
{
"category": "general",
"text": "Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird \u003c 68.1 and Thunderbird \u003c 60.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11739",
"url": "https://www.suse.com/security/cve/CVE-2019-11739"
},
{
"category": "external",
"summary": "SUSE Bug 1150939 for CVE-2019-11739",
"url": "https://bugzilla.suse.com/1150939"
},
{
"category": "external",
"summary": "SUSE Bug 1150940 for CVE-2019-11739",
"url": "https://bugzilla.suse.com/1150940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-11739"
},
{
"cve": "CVE-2019-11740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11740"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 69, Thunderbird \u003c 68.1, Thunderbird \u003c 60.9, Firefox ESR \u003c 60.9, and Firefox ESR \u003c 68.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11740",
"url": "https://www.suse.com/security/cve/CVE-2019-11740"
},
{
"category": "external",
"summary": "SUSE Bug 1149299 for CVE-2019-11740",
"url": "https://bugzilla.suse.com/1149299"
},
{
"category": "external",
"summary": "SUSE Bug 1149323 for CVE-2019-11740",
"url": "https://bugzilla.suse.com/1149323"
},
{
"category": "external",
"summary": "SUSE Bug 1149324 for CVE-2019-11740",
"url": "https://bugzilla.suse.com/1149324"
},
{
"category": "external",
"summary": "SUSE Bug 1150940 for CVE-2019-11740",
"url": "https://bugzilla.suse.com/1150940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11740"
},
{
"cve": "CVE-2019-11742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11742"
}
],
"notes": [
{
"category": "general",
"text": "A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a \u0026lt;canvas\u0026gt; element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability affects Firefox \u003c 69, Thunderbird \u003c 68.1, Thunderbird \u003c 60.9, Firefox ESR \u003c 60.9, and Firefox ESR \u003c 68.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11742",
"url": "https://www.suse.com/security/cve/CVE-2019-11742"
},
{
"category": "external",
"summary": "SUSE Bug 1149303 for CVE-2019-11742",
"url": "https://bugzilla.suse.com/1149303"
},
{
"category": "external",
"summary": "SUSE Bug 1149323 for CVE-2019-11742",
"url": "https://bugzilla.suse.com/1149323"
},
{
"category": "external",
"summary": "SUSE Bug 1149324 for CVE-2019-11742",
"url": "https://bugzilla.suse.com/1149324"
},
{
"category": "external",
"summary": "SUSE Bug 1150940 for CVE-2019-11742",
"url": "https://bugzilla.suse.com/1150940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11742"
},
{
"cve": "CVE-2019-11743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11743"
}
],
"notes": [
{
"category": "general",
"text": "Navigation events were not fully adhering to the W3C\u0027s \"Navigation-Timing Level 2\" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. This vulnerability affects Firefox \u003c 69, Thunderbird \u003c 68.1, Thunderbird \u003c 60.9, Firefox ESR \u003c 60.9, and Firefox ESR \u003c 68.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11743",
"url": "https://www.suse.com/security/cve/CVE-2019-11743"
},
{
"category": "external",
"summary": "SUSE Bug 1149298 for CVE-2019-11743",
"url": "https://bugzilla.suse.com/1149298"
},
{
"category": "external",
"summary": "SUSE Bug 1149323 for CVE-2019-11743",
"url": "https://bugzilla.suse.com/1149323"
},
{
"category": "external",
"summary": "SUSE Bug 1149324 for CVE-2019-11743",
"url": "https://bugzilla.suse.com/1149324"
},
{
"category": "external",
"summary": "SUSE Bug 1150940 for CVE-2019-11743",
"url": "https://bugzilla.suse.com/1150940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-11743"
},
{
"cve": "CVE-2019-11744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11744"
}
],
"notes": [
{
"category": "general",
"text": "Some HTML elements, such as \u0026lt;title\u0026gt; and \u0026lt;textarea\u0026gt;, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if a site does not filter user input as strictly for these elements as it does for other elements. This vulnerability affects Firefox \u003c 69, Thunderbird \u003c 68.1, Thunderbird \u003c 60.9, Firefox ESR \u003c 60.9, and Firefox ESR \u003c 68.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11744",
"url": "https://www.suse.com/security/cve/CVE-2019-11744"
},
{
"category": "external",
"summary": "SUSE Bug 1149304 for CVE-2019-11744",
"url": "https://bugzilla.suse.com/1149304"
},
{
"category": "external",
"summary": "SUSE Bug 1149323 for CVE-2019-11744",
"url": "https://bugzilla.suse.com/1149323"
},
{
"category": "external",
"summary": "SUSE Bug 1149324 for CVE-2019-11744",
"url": "https://bugzilla.suse.com/1149324"
},
{
"category": "external",
"summary": "SUSE Bug 1150940 for CVE-2019-11744",
"url": "https://bugzilla.suse.com/1150940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11744"
},
{
"cve": "CVE-2019-11746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11746"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 69, Thunderbird \u003c 68.1, Thunderbird \u003c 60.9, Firefox ESR \u003c 60.9, and Firefox ESR \u003c 68.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11746",
"url": "https://www.suse.com/security/cve/CVE-2019-11746"
},
{
"category": "external",
"summary": "SUSE Bug 1149297 for CVE-2019-11746",
"url": "https://bugzilla.suse.com/1149297"
},
{
"category": "external",
"summary": "SUSE Bug 1149323 for CVE-2019-11746",
"url": "https://bugzilla.suse.com/1149323"
},
{
"category": "external",
"summary": "SUSE Bug 1149324 for CVE-2019-11746",
"url": "https://bugzilla.suse.com/1149324"
},
{
"category": "external",
"summary": "SUSE Bug 1150940 for CVE-2019-11746",
"url": "https://bugzilla.suse.com/1150940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11746"
},
{
"cve": "CVE-2019-11752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11752"
}
],
"notes": [
{
"category": "general",
"text": "It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox \u003c 69, Thunderbird \u003c 68.1, Thunderbird \u003c 60.9, Firefox ESR \u003c 60.9, and Firefox ESR \u003c 68.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11752",
"url": "https://www.suse.com/security/cve/CVE-2019-11752"
},
{
"category": "external",
"summary": "SUSE Bug 1149296 for CVE-2019-11752",
"url": "https://bugzilla.suse.com/1149296"
},
{
"category": "external",
"summary": "SUSE Bug 1149323 for CVE-2019-11752",
"url": "https://bugzilla.suse.com/1149323"
},
{
"category": "external",
"summary": "SUSE Bug 1149324 for CVE-2019-11752",
"url": "https://bugzilla.suse.com/1149324"
},
{
"category": "external",
"summary": "SUSE Bug 1150940 for CVE-2019-11752",
"url": "https://bugzilla.suse.com/1150940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11752"
},
{
"cve": "CVE-2019-11755",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11755"
}
],
"notes": [
{
"category": "general",
"text": "A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted message. Previous versions had only suppressed showing a digital signature for messages with an outer multipart/signed layer. This vulnerability affects Thunderbird \u003c 68.1.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11755",
"url": "https://www.suse.com/security/cve/CVE-2019-11755"
},
{
"category": "external",
"summary": "SUSE Bug 1152375 for CVE-2019-11755",
"url": "https://bugzilla.suse.com/1152375"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11755"
},
{
"cve": "CVE-2019-11757",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11757"
}
],
"notes": [
{
"category": "general",
"text": "When following the value\u0027s prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11757",
"url": "https://www.suse.com/security/cve/CVE-2019-11757"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-11757",
"url": "https://bugzilla.suse.com/1154738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11757"
},
{
"cve": "CVE-2019-11758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11758"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 69, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11758",
"url": "https://www.suse.com/security/cve/CVE-2019-11758"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-11758",
"url": "https://bugzilla.suse.com/1154738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11758"
},
{
"cve": "CVE-2019-11759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11759"
}
],
"notes": [
{
"category": "general",
"text": "An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11759",
"url": "https://www.suse.com/security/cve/CVE-2019-11759"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-11759",
"url": "https://bugzilla.suse.com/1154738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11759"
},
{
"cve": "CVE-2019-11760",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11760"
}
],
"notes": [
{
"category": "general",
"text": "A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11760",
"url": "https://www.suse.com/security/cve/CVE-2019-11760"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-11760",
"url": "https://bugzilla.suse.com/1154738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11760"
},
{
"cve": "CVE-2019-11761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11761"
}
],
"notes": [
{
"category": "general",
"text": "By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11761",
"url": "https://www.suse.com/security/cve/CVE-2019-11761"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-11761",
"url": "https://bugzilla.suse.com/1154738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11761"
},
{
"cve": "CVE-2019-11762",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11762"
}
],
"notes": [
{
"category": "general",
"text": "If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11762",
"url": "https://www.suse.com/security/cve/CVE-2019-11762"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-11762",
"url": "https://bugzilla.suse.com/1154738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11762"
},
{
"cve": "CVE-2019-11763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11763"
}
],
"notes": [
{
"category": "general",
"text": "Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11763",
"url": "https://www.suse.com/security/cve/CVE-2019-11763"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-11763",
"url": "https://bugzilla.suse.com/1154738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11763"
},
{
"cve": "CVE-2019-11764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11764"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11764",
"url": "https://www.suse.com/security/cve/CVE-2019-11764"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-11764",
"url": "https://bugzilla.suse.com/1154738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11764"
},
{
"cve": "CVE-2019-13722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13722"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13722",
"url": "https://www.suse.com/security/cve/CVE-2019-13722"
},
{
"category": "external",
"summary": "SUSE Bug 1158328 for CVE-2019-13722",
"url": "https://bugzilla.suse.com/1158328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-13722"
},
{
"cve": "CVE-2019-15903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15903"
}
],
"notes": [
{
"category": "general",
"text": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15903",
"url": "https://www.suse.com/security/cve/CVE-2019-15903"
},
{
"category": "external",
"summary": "SUSE Bug 1149429 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1149429"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1154738"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-15903"
},
{
"cve": "CVE-2019-17005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17005"
}
],
"notes": [
{
"category": "general",
"text": "The plain text serializer used a fixed-size array for the number of \u003col\u003e elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17005",
"url": "https://www.suse.com/security/cve/CVE-2019-17005"
},
{
"category": "external",
"summary": "SUSE Bug 1158328 for CVE-2019-17005",
"url": "https://bugzilla.suse.com/1158328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17005"
},
{
"cve": "CVE-2019-17008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17008"
}
],
"notes": [
{
"category": "general",
"text": "When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17008",
"url": "https://www.suse.com/security/cve/CVE-2019-17008"
},
{
"category": "external",
"summary": "SUSE Bug 1158328 for CVE-2019-17008",
"url": "https://bugzilla.suse.com/1158328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17008"
},
{
"cve": "CVE-2019-17010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17010"
}
],
"notes": [
{
"category": "general",
"text": "Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17010",
"url": "https://www.suse.com/security/cve/CVE-2019-17010"
},
{
"category": "external",
"summary": "SUSE Bug 1158328 for CVE-2019-17010",
"url": "https://bugzilla.suse.com/1158328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17010"
},
{
"cve": "CVE-2019-17011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17011"
}
],
"notes": [
{
"category": "general",
"text": "Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17011",
"url": "https://www.suse.com/security/cve/CVE-2019-17011"
},
{
"category": "external",
"summary": "SUSE Bug 1158328 for CVE-2019-17011",
"url": "https://bugzilla.suse.com/1158328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17011"
},
{
"cve": "CVE-2019-17012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17012"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17012",
"url": "https://www.suse.com/security/cve/CVE-2019-17012"
},
{
"category": "external",
"summary": "SUSE Bug 1158328 for CVE-2019-17012",
"url": "https://bugzilla.suse.com/1158328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17012"
},
{
"cve": "CVE-2019-17015",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17015"
}
],
"notes": [
{
"category": "general",
"text": "During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR \u003c 68.4 and Firefox \u003c 72.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17015",
"url": "https://www.suse.com/security/cve/CVE-2019-17015"
},
{
"category": "external",
"summary": "SUSE Bug 1160305 for CVE-2019-17015",
"url": "https://bugzilla.suse.com/1160305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17015"
},
{
"cve": "CVE-2019-17016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17016"
}
],
"notes": [
{
"category": "general",
"text": "When pasting a \u0026lt;style\u0026gt; tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR \u003c 68.4 and Firefox \u003c 72.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17016",
"url": "https://www.suse.com/security/cve/CVE-2019-17016"
},
{
"category": "external",
"summary": "SUSE Bug 1160305 for CVE-2019-17016",
"url": "https://bugzilla.suse.com/1160305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17016"
},
{
"cve": "CVE-2019-17017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17017"
}
],
"notes": [
{
"category": "general",
"text": "Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 68.4 and Firefox \u003c 72.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17017",
"url": "https://www.suse.com/security/cve/CVE-2019-17017"
},
{
"category": "external",
"summary": "SUSE Bug 1160305 for CVE-2019-17017",
"url": "https://bugzilla.suse.com/1160305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17017"
},
{
"cve": "CVE-2019-17021",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17021"
}
],
"notes": [
{
"category": "general",
"text": "During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR \u003c 68.4 and Firefox \u003c 72.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17021",
"url": "https://www.suse.com/security/cve/CVE-2019-17021"
},
{
"category": "external",
"summary": "SUSE Bug 1160305 for CVE-2019-17021",
"url": "https://bugzilla.suse.com/1160305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17021"
},
{
"cve": "CVE-2019-17022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17022"
}
],
"notes": [
{
"category": "general",
"text": "When pasting a \u0026lt;style\u0026gt; tag from the clipboard into a rich text editor, the CSS sanitizer does not escape \u0026lt; and \u0026gt; characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node\u0027s innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR \u003c 68.4 and Firefox \u003c 72.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17022",
"url": "https://www.suse.com/security/cve/CVE-2019-17022"
},
{
"category": "external",
"summary": "SUSE Bug 1160305 for CVE-2019-17022",
"url": "https://bugzilla.suse.com/1160305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17022"
},
{
"cve": "CVE-2019-17024",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17024"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 68.4 and Firefox \u003c 72.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17024",
"url": "https://www.suse.com/security/cve/CVE-2019-17024"
},
{
"category": "external",
"summary": "SUSE Bug 1160305 for CVE-2019-17024",
"url": "https://bugzilla.suse.com/1160305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17024"
},
{
"cve": "CVE-2019-17026",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17026"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR \u003c 68.4.1, Thunderbird \u003c 68.4.1, and Firefox \u003c 72.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17026",
"url": "https://www.suse.com/security/cve/CVE-2019-17026"
},
{
"category": "external",
"summary": "SUSE Bug 1160498 for CVE-2019-17026",
"url": "https://bugzilla.suse.com/1160498"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17026"
},
{
"cve": "CVE-2019-20503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-20503"
}
],
"notes": [
{
"category": "general",
"text": "usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-20503",
"url": "https://www.suse.com/security/cve/CVE-2019-20503"
},
{
"category": "external",
"summary": "SUSE Bug 1166238 for CVE-2019-20503",
"url": "https://bugzilla.suse.com/1166238"
},
{
"category": "external",
"summary": "SUSE Bug 1167090 for CVE-2019-20503",
"url": "https://bugzilla.suse.com/1167090"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-20503"
},
{
"cve": "CVE-2019-5785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5785"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5785",
"url": "https://www.suse.com/security/cve/CVE-2019-5785"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2019-5785",
"url": "https://bugzilla.suse.com/1125330"
},
{
"category": "external",
"summary": "SUSE Bug 1125396 for CVE-2019-5785",
"url": "https://bugzilla.suse.com/1125396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-5785"
},
{
"cve": "CVE-2019-5798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5798"
}
],
"notes": [
{
"category": "general",
"text": "Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5798",
"url": "https://www.suse.com/security/cve/CVE-2019-5798"
},
{
"category": "external",
"summary": "SUSE Bug 1129059 for CVE-2019-5798",
"url": "https://bugzilla.suse.com/1129059"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-5798",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-5798"
},
{
"cve": "CVE-2019-7317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7317"
}
],
"notes": [
{
"category": "general",
"text": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7317",
"url": "https://www.suse.com/security/cve/CVE-2019-7317"
},
{
"category": "external",
"summary": "SUSE Bug 1124211 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1124211"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1135824"
},
{
"category": "external",
"summary": "SUSE Bug 1141780 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1141780"
},
{
"category": "external",
"summary": "SUSE Bug 1147021 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1147021"
},
{
"category": "external",
"summary": "SUSE Bug 1165297 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1165297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-7317"
},
{
"cve": "CVE-2019-9797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9797"
}
],
"notes": [
{
"category": "general",
"text": "Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox \u003c 66.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9797",
"url": "https://www.suse.com/security/cve/CVE-2019-9797"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2019-9797",
"url": "https://bugzilla.suse.com/1129821"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9797",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9797"
},
{
"cve": "CVE-2019-9800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9800"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9800",
"url": "https://www.suse.com/security/cve/CVE-2019-9800"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9800",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9800"
},
{
"cve": "CVE-2019-9810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9810"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox \u003c 66.0.1, Firefox ESR \u003c 60.6.1, and Thunderbird \u003c 60.6.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9810",
"url": "https://www.suse.com/security/cve/CVE-2019-9810"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2019-9810",
"url": "https://bugzilla.suse.com/1129821"
},
{
"category": "external",
"summary": "SUSE Bug 1130262 for CVE-2019-9810",
"url": "https://bugzilla.suse.com/1130262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9810"
},
{
"cve": "CVE-2019-9811",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9811"
}
],
"notes": [
{
"category": "general",
"text": "As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9811",
"url": "https://www.suse.com/security/cve/CVE-2019-9811"
},
{
"category": "external",
"summary": "SUSE Bug 1140868 for CVE-2019-9811",
"url": "https://bugzilla.suse.com/1140868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9811"
},
{
"cve": "CVE-2019-9813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9813"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox \u003c 66.0.1, Firefox ESR \u003c 60.6.1, and Thunderbird \u003c 60.6.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9813",
"url": "https://www.suse.com/security/cve/CVE-2019-9813"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2019-9813",
"url": "https://bugzilla.suse.com/1129821"
},
{
"category": "external",
"summary": "SUSE Bug 1130262 for CVE-2019-9813",
"url": "https://bugzilla.suse.com/1130262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9813"
},
{
"cve": "CVE-2019-9815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9815"
}
],
"notes": [
{
"category": "general",
"text": "If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.5 in order to take advantage of this change.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9815",
"url": "https://www.suse.com/security/cve/CVE-2019-9815"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9815",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9815"
},
{
"cve": "CVE-2019-9816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9816"
}
],
"notes": [
{
"category": "general",
"text": "A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9816",
"url": "https://www.suse.com/security/cve/CVE-2019-9816"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9816",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9816"
},
{
"cve": "CVE-2019-9817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9817"
}
],
"notes": [
{
"category": "general",
"text": "Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9817",
"url": "https://www.suse.com/security/cve/CVE-2019-9817"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9817",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9817"
},
{
"cve": "CVE-2019-9818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9818"
}
],
"notes": [
{
"category": "general",
"text": "A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9818",
"url": "https://www.suse.com/security/cve/CVE-2019-9818"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9818",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9818"
},
{
"cve": "CVE-2019-9819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9819"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9819",
"url": "https://www.suse.com/security/cve/CVE-2019-9819"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9819",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9819"
},
{
"cve": "CVE-2019-9820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9820"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9820",
"url": "https://www.suse.com/security/cve/CVE-2019-9820"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9820",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9820"
},
{
"cve": "CVE-2020-12387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12387"
}
],
"notes": [
{
"category": "general",
"text": "A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 68.8, Firefox \u003c 76, and Thunderbird \u003c 68.8.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12387",
"url": "https://www.suse.com/security/cve/CVE-2020-12387"
},
{
"category": "external",
"summary": "SUSE Bug 1171186 for CVE-2020-12387",
"url": "https://bugzilla.suse.com/1171186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12387"
},
{
"cve": "CVE-2020-12392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12392"
}
],
"notes": [
{
"category": "general",
"text": "The \u0027Copy as cURL\u0027 feature of Devtools\u0027 network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the \u0027Copy as cURL\u0027 feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR \u003c 68.8, Firefox \u003c 76, and Thunderbird \u003c 68.8.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12392",
"url": "https://www.suse.com/security/cve/CVE-2020-12392"
},
{
"category": "external",
"summary": "SUSE Bug 1171186 for CVE-2020-12392",
"url": "https://bugzilla.suse.com/1171186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12392"
},
{
"cve": "CVE-2020-12393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12393"
}
],
"notes": [
{
"category": "general",
"text": "The \u0027Copy as cURL\u0027 feature of Devtools\u0027 network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the \u0027Copy as cURL\u0027 feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR \u003c 68.8, Firefox \u003c 76, and Thunderbird \u003c 68.8.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12393",
"url": "https://www.suse.com/security/cve/CVE-2020-12393"
},
{
"category": "external",
"summary": "SUSE Bug 1171186 for CVE-2020-12393",
"url": "https://bugzilla.suse.com/1171186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12393"
},
{
"cve": "CVE-2020-12395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12395"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 68.8, Firefox \u003c 76, and Thunderbird \u003c 68.8.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12395",
"url": "https://www.suse.com/security/cve/CVE-2020-12395"
},
{
"category": "external",
"summary": "SUSE Bug 1171186 for CVE-2020-12395",
"url": "https://bugzilla.suse.com/1171186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12395"
},
{
"cve": "CVE-2020-12397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12397"
}
],
"notes": [
{
"category": "general",
"text": "By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird \u003c 68.8.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12397",
"url": "https://www.suse.com/security/cve/CVE-2020-12397"
},
{
"category": "external",
"summary": "SUSE Bug 1171186 for CVE-2020-12397",
"url": "https://bugzilla.suse.com/1171186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-12397"
},
{
"cve": "CVE-2020-12398",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12398"
}
],
"notes": [
{
"category": "general",
"text": "If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird \u003c 68.9.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12398",
"url": "https://www.suse.com/security/cve/CVE-2020-12398"
},
{
"category": "external",
"summary": "SUSE Bug 1172402 for CVE-2020-12398",
"url": "https://bugzilla.suse.com/1172402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12398"
},
{
"cve": "CVE-2020-12405",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12405"
}
],
"notes": [
{
"category": "general",
"text": "When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.9.0, Firefox \u003c 77, and Firefox ESR \u003c 68.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12405",
"url": "https://www.suse.com/security/cve/CVE-2020-12405"
},
{
"category": "external",
"summary": "SUSE Bug 1172402 for CVE-2020-12405",
"url": "https://bugzilla.suse.com/1172402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12405"
},
{
"cve": "CVE-2020-12406",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12406"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.9.0, Firefox \u003c 77, and Firefox ESR \u003c 68.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12406",
"url": "https://www.suse.com/security/cve/CVE-2020-12406"
},
{
"category": "external",
"summary": "SUSE Bug 1172402 for CVE-2020-12406",
"url": "https://bugzilla.suse.com/1172402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12406"
},
{
"cve": "CVE-2020-12410",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12410"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.9.0, Firefox \u003c 77, and Firefox ESR \u003c 68.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12410",
"url": "https://www.suse.com/security/cve/CVE-2020-12410"
},
{
"category": "external",
"summary": "SUSE Bug 1172402 for CVE-2020-12410",
"url": "https://bugzilla.suse.com/1172402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12410"
},
{
"cve": "CVE-2020-12417",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12417"
}
],
"notes": [
{
"category": "general",
"text": "Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR \u003c 68.10, Firefox \u003c 78, and Thunderbird \u003c 68.10.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12417",
"url": "https://www.suse.com/security/cve/CVE-2020-12417"
},
{
"category": "external",
"summary": "SUSE Bug 1173576 for CVE-2020-12417",
"url": "https://bugzilla.suse.com/1173576"
},
{
"category": "external",
"summary": "SUSE Bug 1174230 for CVE-2020-12417",
"url": "https://bugzilla.suse.com/1174230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12417"
},
{
"cve": "CVE-2020-12418",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12418"
}
],
"notes": [
{
"category": "general",
"text": "Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR \u003c 68.10, Firefox \u003c 78, and Thunderbird \u003c 68.10.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12418",
"url": "https://www.suse.com/security/cve/CVE-2020-12418"
},
{
"category": "external",
"summary": "SUSE Bug 1173576 for CVE-2020-12418",
"url": "https://bugzilla.suse.com/1173576"
},
{
"category": "external",
"summary": "SUSE Bug 1174230 for CVE-2020-12418",
"url": "https://bugzilla.suse.com/1174230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12418"
},
{
"cve": "CVE-2020-12419",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12419"
}
],
"notes": [
{
"category": "general",
"text": "When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 68.10, Firefox \u003c 78, and Thunderbird \u003c 68.10.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12419",
"url": "https://www.suse.com/security/cve/CVE-2020-12419"
},
{
"category": "external",
"summary": "SUSE Bug 1173576 for CVE-2020-12419",
"url": "https://bugzilla.suse.com/1173576"
},
{
"category": "external",
"summary": "SUSE Bug 1174230 for CVE-2020-12419",
"url": "https://bugzilla.suse.com/1174230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12419"
},
{
"cve": "CVE-2020-12420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12420"
}
],
"notes": [
{
"category": "general",
"text": "When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 68.10, Firefox \u003c 78, and Thunderbird \u003c 68.10.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12420",
"url": "https://www.suse.com/security/cve/CVE-2020-12420"
},
{
"category": "external",
"summary": "SUSE Bug 1173576 for CVE-2020-12420",
"url": "https://bugzilla.suse.com/1173576"
},
{
"category": "external",
"summary": "SUSE Bug 1174230 for CVE-2020-12420",
"url": "https://bugzilla.suse.com/1174230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12420"
},
{
"cve": "CVE-2020-12421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12421"
}
],
"notes": [
{
"category": "general",
"text": "When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR \u003c 68.10, Firefox \u003c 78, and Thunderbird \u003c 68.10.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12421",
"url": "https://www.suse.com/security/cve/CVE-2020-12421"
},
{
"category": "external",
"summary": "SUSE Bug 1173576 for CVE-2020-12421",
"url": "https://bugzilla.suse.com/1173576"
},
{
"category": "external",
"summary": "SUSE Bug 1174230 for CVE-2020-12421",
"url": "https://bugzilla.suse.com/1174230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12421"
},
{
"cve": "CVE-2020-15652",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15652"
}
],
"notes": [
{
"category": "general",
"text": "By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox \u003c 79, Firefox ESR \u003c 68.11, Firefox ESR \u003c 78.1, Thunderbird \u003c 68.11, and Thunderbird \u003c 78.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15652",
"url": "https://www.suse.com/security/cve/CVE-2020-15652"
},
{
"category": "external",
"summary": "SUSE Bug 1174538 for CVE-2020-15652",
"url": "https://bugzilla.suse.com/1174538"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15652"
},
{
"cve": "CVE-2020-15659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15659"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 79, Firefox ESR \u003c 68.11, Firefox ESR \u003c 78.1, Thunderbird \u003c 68.11, and Thunderbird \u003c 78.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15659",
"url": "https://www.suse.com/security/cve/CVE-2020-15659"
},
{
"category": "external",
"summary": "SUSE Bug 1174538 for CVE-2020-15659",
"url": "https://bugzilla.suse.com/1174538"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15659"
},
{
"cve": "CVE-2020-15663",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15663"
}
],
"notes": [
{
"category": "general",
"text": "If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 80, Thunderbird \u003c 78.2, Thunderbird \u003c 68.12, Firefox ESR \u003c 68.12, and Firefox ESR \u003c 78.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15663",
"url": "https://www.suse.com/security/cve/CVE-2020-15663"
},
{
"category": "external",
"summary": "SUSE Bug 1175686 for CVE-2020-15663",
"url": "https://bugzilla.suse.com/1175686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15663"
},
{
"cve": "CVE-2020-15664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15664"
}
],
"notes": [
{
"category": "general",
"text": "By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox \u003c 80, Thunderbird \u003c 78.2, Thunderbird \u003c 68.12, Firefox ESR \u003c 68.12, Firefox ESR \u003c 78.2, and Firefox for Android \u003c 80.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15664",
"url": "https://www.suse.com/security/cve/CVE-2020-15664"
},
{
"category": "external",
"summary": "SUSE Bug 1175686 for CVE-2020-15664",
"url": "https://bugzilla.suse.com/1175686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15664"
},
{
"cve": "CVE-2020-15669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15669"
}
],
"notes": [
{
"category": "general",
"text": "When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 68.12 and Thunderbird \u003c 68.12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15669",
"url": "https://www.suse.com/security/cve/CVE-2020-15669"
},
{
"category": "external",
"summary": "SUSE Bug 1175686 for CVE-2020-15669",
"url": "https://bugzilla.suse.com/1175686"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15669"
},
{
"cve": "CVE-2020-15673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15673"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 81, Thunderbird \u003c 78.3, and Firefox ESR \u003c 78.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15673",
"url": "https://www.suse.com/security/cve/CVE-2020-15673"
},
{
"category": "external",
"summary": "SUSE Bug 1176756 for CVE-2020-15673",
"url": "https://bugzilla.suse.com/1176756"
},
{
"category": "external",
"summary": "SUSE Bug 1176899 for CVE-2020-15673",
"url": "https://bugzilla.suse.com/1176899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15673"
},
{
"cve": "CVE-2020-15676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15676"
}
],
"notes": [
{
"category": "general",
"text": "Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox \u003c 81, Thunderbird \u003c 78.3, and Firefox ESR \u003c 78.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15676",
"url": "https://www.suse.com/security/cve/CVE-2020-15676"
},
{
"category": "external",
"summary": "SUSE Bug 1176756 for CVE-2020-15676",
"url": "https://bugzilla.suse.com/1176756"
},
{
"category": "external",
"summary": "SUSE Bug 1176899 for CVE-2020-15676",
"url": "https://bugzilla.suse.com/1176899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15676"
},
{
"cve": "CVE-2020-15677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15677"
}
],
"notes": [
{
"category": "general",
"text": "By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox \u003c 81, Thunderbird \u003c 78.3, and Firefox ESR \u003c 78.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15677",
"url": "https://www.suse.com/security/cve/CVE-2020-15677"
},
{
"category": "external",
"summary": "SUSE Bug 1176756 for CVE-2020-15677",
"url": "https://bugzilla.suse.com/1176756"
},
{
"category": "external",
"summary": "SUSE Bug 1176899 for CVE-2020-15677",
"url": "https://bugzilla.suse.com/1176899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15677"
},
{
"cve": "CVE-2020-15678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15678"
}
],
"notes": [
{
"category": "general",
"text": "When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox \u003c 81, Thunderbird \u003c 78.3, and Firefox ESR \u003c 78.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15678",
"url": "https://www.suse.com/security/cve/CVE-2020-15678"
},
{
"category": "external",
"summary": "SUSE Bug 1176756 for CVE-2020-15678",
"url": "https://bugzilla.suse.com/1176756"
},
{
"category": "external",
"summary": "SUSE Bug 1176899 for CVE-2020-15678",
"url": "https://bugzilla.suse.com/1176899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15678"
},
{
"cve": "CVE-2020-15683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15683"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 78.4, Firefox \u003c 82, and Thunderbird \u003c 78.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15683",
"url": "https://www.suse.com/security/cve/CVE-2020-15683"
},
{
"category": "external",
"summary": "SUSE Bug 1177872 for CVE-2020-15683",
"url": "https://bugzilla.suse.com/1177872"
},
{
"category": "external",
"summary": "SUSE Bug 1177977 for CVE-2020-15683",
"url": "https://bugzilla.suse.com/1177977"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15683"
},
{
"cve": "CVE-2020-15685",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15685"
}
],
"notes": [
{
"category": "general",
"text": "During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird \u003c 78.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15685",
"url": "https://www.suse.com/security/cve/CVE-2020-15685"
},
{
"category": "external",
"summary": "SUSE Bug 1181414 for CVE-2020-15685",
"url": "https://bugzilla.suse.com/1181414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15685"
},
{
"cve": "CVE-2020-15969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15969"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15969",
"url": "https://www.suse.com/security/cve/CVE-2020-15969"
},
{
"category": "external",
"summary": "SUSE Bug 1177408 for CVE-2020-15969",
"url": "https://bugzilla.suse.com/1177408"
},
{
"category": "external",
"summary": "SUSE Bug 1177872 for CVE-2020-15969",
"url": "https://bugzilla.suse.com/1177872"
},
{
"category": "external",
"summary": "SUSE Bug 1177977 for CVE-2020-15969",
"url": "https://bugzilla.suse.com/1177977"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15969"
},
{
"cve": "CVE-2020-15999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15999"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15999",
"url": "https://www.suse.com/security/cve/CVE-2020-15999"
},
{
"category": "external",
"summary": "SUSE Bug 1177914 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1177914"
},
{
"category": "external",
"summary": "SUSE Bug 1177936 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1177936"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-15999",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15999"
},
{
"cve": "CVE-2020-16012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-16012"
}
],
"notes": [
{
"category": "general",
"text": "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-16012",
"url": "https://www.suse.com/security/cve/CVE-2020-16012"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-16012",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-16012",
"url": "https://bugzilla.suse.com/1178894"
},
{
"category": "external",
"summary": "SUSE Bug 1178923 for CVE-2020-16012",
"url": "https://bugzilla.suse.com/1178923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-16012"
},
{
"cve": "CVE-2020-16042",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-16042"
}
],
"notes": [
{
"category": "general",
"text": "Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-16042",
"url": "https://www.suse.com/security/cve/CVE-2020-16042"
},
{
"category": "external",
"summary": "SUSE Bug 1179576 for CVE-2020-16042",
"url": "https://bugzilla.suse.com/1179576"
},
{
"category": "external",
"summary": "SUSE Bug 1180039 for CVE-2020-16042",
"url": "https://bugzilla.suse.com/1180039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-16042"
},
{
"cve": "CVE-2020-16044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-16044"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-16044",
"url": "https://www.suse.com/security/cve/CVE-2020-16044"
},
{
"category": "external",
"summary": "SUSE Bug 1180623 for CVE-2020-16044",
"url": "https://bugzilla.suse.com/1180623"
},
{
"category": "external",
"summary": "SUSE Bug 1181137 for CVE-2020-16044",
"url": "https://bugzilla.suse.com/1181137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-16044"
},
{
"cve": "CVE-2020-26950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26950"
}
],
"notes": [
{
"category": "general",
"text": "In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox \u003c 82.0.3, Firefox ESR \u003c 78.4.1, and Thunderbird \u003c 78.4.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26950",
"url": "https://www.suse.com/security/cve/CVE-2020-26950"
},
{
"category": "external",
"summary": "SUSE Bug 1177872 for CVE-2020-26950",
"url": "https://bugzilla.suse.com/1177872"
},
{
"category": "external",
"summary": "SUSE Bug 1178588 for CVE-2020-26950",
"url": "https://bugzilla.suse.com/1178588"
},
{
"category": "external",
"summary": "SUSE Bug 1178611 for CVE-2020-26950",
"url": "https://bugzilla.suse.com/1178611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26950"
},
{
"cve": "CVE-2020-26951",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26951"
}
],
"notes": [
{
"category": "general",
"text": "A parsing and event loading mismatch in Firefox\u0027s SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26951",
"url": "https://www.suse.com/security/cve/CVE-2020-26951"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26951",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26951",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26951"
},
{
"cve": "CVE-2020-26953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26953"
}
],
"notes": [
{
"category": "general",
"text": "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26953",
"url": "https://www.suse.com/security/cve/CVE-2020-26953"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26953",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26953",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26953"
},
{
"cve": "CVE-2020-26956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26956"
}
],
"notes": [
{
"category": "general",
"text": "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26956",
"url": "https://www.suse.com/security/cve/CVE-2020-26956"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26956",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26956",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26956"
},
{
"cve": "CVE-2020-26958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26958"
}
],
"notes": [
{
"category": "general",
"text": "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26958",
"url": "https://www.suse.com/security/cve/CVE-2020-26958"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26958",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26958",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26958"
},
{
"cve": "CVE-2020-26959",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26959"
}
],
"notes": [
{
"category": "general",
"text": "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26959",
"url": "https://www.suse.com/security/cve/CVE-2020-26959"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26959",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26959",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26959"
},
{
"cve": "CVE-2020-26960",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26960"
}
],
"notes": [
{
"category": "general",
"text": "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26960",
"url": "https://www.suse.com/security/cve/CVE-2020-26960"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26960",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26960",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26960"
},
{
"cve": "CVE-2020-26961",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26961"
}
],
"notes": [
{
"category": "general",
"text": "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26961",
"url": "https://www.suse.com/security/cve/CVE-2020-26961"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26961",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26961",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26961"
},
{
"cve": "CVE-2020-26965",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26965"
}
],
"notes": [
{
"category": "general",
"text": "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26965",
"url": "https://www.suse.com/security/cve/CVE-2020-26965"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26965",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26965",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26965"
},
{
"cve": "CVE-2020-26966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26966"
}
],
"notes": [
{
"category": "general",
"text": "Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26966",
"url": "https://www.suse.com/security/cve/CVE-2020-26966"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26966",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26966",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26966"
},
{
"cve": "CVE-2020-26968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26968"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 83, Firefox ESR \u003c 78.5, and Thunderbird \u003c 78.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26968",
"url": "https://www.suse.com/security/cve/CVE-2020-26968"
},
{
"category": "external",
"summary": "SUSE Bug 1178824 for CVE-2020-26968",
"url": "https://bugzilla.suse.com/1178824"
},
{
"category": "external",
"summary": "SUSE Bug 1178894 for CVE-2020-26968",
"url": "https://bugzilla.suse.com/1178894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26968"
},
{
"cve": "CVE-2020-26970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26970"
}
],
"notes": [
{
"category": "general",
"text": "When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird \u003c 78.5.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26970",
"url": "https://www.suse.com/security/cve/CVE-2020-26970"
},
{
"category": "external",
"summary": "SUSE Bug 1179530 for CVE-2020-26970",
"url": "https://bugzilla.suse.com/1179530"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2020-26970"
},
{
"cve": "CVE-2020-26971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26971"
}
],
"notes": [
{
"category": "general",
"text": "Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox \u003c 84, Thunderbird \u003c 78.6, and Firefox ESR \u003c 78.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26971",
"url": "https://www.suse.com/security/cve/CVE-2020-26971"
},
{
"category": "external",
"summary": "SUSE Bug 1180039 for CVE-2020-26971",
"url": "https://bugzilla.suse.com/1180039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26971"
},
{
"cve": "CVE-2020-26973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26973"
}
],
"notes": [
{
"category": "general",
"text": "Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox \u003c 84, Thunderbird \u003c 78.6, and Firefox ESR \u003c 78.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26973",
"url": "https://www.suse.com/security/cve/CVE-2020-26973"
},
{
"category": "external",
"summary": "SUSE Bug 1180039 for CVE-2020-26973",
"url": "https://bugzilla.suse.com/1180039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26973"
},
{
"cve": "CVE-2020-26974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26974"
}
],
"notes": [
{
"category": "general",
"text": "When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 84, Thunderbird \u003c 78.6, and Firefox ESR \u003c 78.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26974",
"url": "https://www.suse.com/security/cve/CVE-2020-26974"
},
{
"category": "external",
"summary": "SUSE Bug 1180039 for CVE-2020-26974",
"url": "https://bugzilla.suse.com/1180039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26974"
},
{
"cve": "CVE-2020-26976",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26976"
}
],
"notes": [
{
"category": "general",
"text": "When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox \u003c 84.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26976",
"url": "https://www.suse.com/security/cve/CVE-2020-26976"
},
{
"category": "external",
"summary": "SUSE Bug 1180039 for CVE-2020-26976",
"url": "https://bugzilla.suse.com/1180039"
},
{
"category": "external",
"summary": "SUSE Bug 1181414 for CVE-2020-26976",
"url": "https://bugzilla.suse.com/1181414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26976"
},
{
"cve": "CVE-2020-26978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26978"
}
],
"notes": [
{
"category": "general",
"text": "Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network\u0027s hosts as well as services running on the user\u0027s local machine. This vulnerability affects Firefox \u003c 84, Thunderbird \u003c 78.6, and Firefox ESR \u003c 78.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26978",
"url": "https://www.suse.com/security/cve/CVE-2020-26978"
},
{
"category": "external",
"summary": "SUSE Bug 1180039 for CVE-2020-26978",
"url": "https://bugzilla.suse.com/1180039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26978"
},
{
"cve": "CVE-2020-35111",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35111"
}
],
"notes": [
{
"category": "general",
"text": "When an extension with the proxy permission registered to receive \u003call_urls\u003e, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox \u003c 84, Thunderbird \u003c 78.6, and Firefox ESR \u003c 78.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35111",
"url": "https://www.suse.com/security/cve/CVE-2020-35111"
},
{
"category": "external",
"summary": "SUSE Bug 1180039 for CVE-2020-35111",
"url": "https://bugzilla.suse.com/1180039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-35111"
},
{
"cve": "CVE-2020-35112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35112"
}
],
"notes": [
{
"category": "general",
"text": "If a user downloaded a file lacking an extension on Windows, and then \"Open\"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 84, Thunderbird \u003c 78.6, and Firefox ESR \u003c 78.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35112",
"url": "https://www.suse.com/security/cve/CVE-2020-35112"
},
{
"category": "external",
"summary": "SUSE Bug 1180039 for CVE-2020-35112",
"url": "https://bugzilla.suse.com/1180039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-35112"
},
{
"cve": "CVE-2020-35113",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35113"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 84, Thunderbird \u003c 78.6, and Firefox ESR \u003c 78.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35113",
"url": "https://www.suse.com/security/cve/CVE-2020-35113"
},
{
"category": "external",
"summary": "SUSE Bug 1180039 for CVE-2020-35113",
"url": "https://bugzilla.suse.com/1180039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-35113"
},
{
"cve": "CVE-2020-6463",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6463"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6463",
"url": "https://www.suse.com/security/cve/CVE-2020-6463"
},
{
"category": "external",
"summary": "SUSE Bug 1171975 for CVE-2020-6463",
"url": "https://bugzilla.suse.com/1171975"
},
{
"category": "external",
"summary": "SUSE Bug 1174538 for CVE-2020-6463",
"url": "https://bugzilla.suse.com/1174538"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-6463"
},
{
"cve": "CVE-2020-6514",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6514"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6514",
"url": "https://www.suse.com/security/cve/CVE-2020-6514"
},
{
"category": "external",
"summary": "SUSE Bug 1174189 for CVE-2020-6514",
"url": "https://bugzilla.suse.com/1174189"
},
{
"category": "external",
"summary": "SUSE Bug 1174538 for CVE-2020-6514",
"url": "https://bugzilla.suse.com/1174538"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6514"
},
{
"cve": "CVE-2020-6792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6792"
}
],
"notes": [
{
"category": "general",
"text": "When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird \u003c 68.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6792",
"url": "https://www.suse.com/security/cve/CVE-2020-6792"
},
{
"category": "external",
"summary": "SUSE Bug 1163368 for CVE-2020-6792",
"url": "https://bugzilla.suse.com/1163368"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6792"
},
{
"cve": "CVE-2020-6793",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6793"
}
],
"notes": [
{
"category": "general",
"text": "When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird \u003c 68.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6793",
"url": "https://www.suse.com/security/cve/CVE-2020-6793"
},
{
"category": "external",
"summary": "SUSE Bug 1163368 for CVE-2020-6793",
"url": "https://bugzilla.suse.com/1163368"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6793"
},
{
"cve": "CVE-2020-6794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6794"
}
],
"notes": [
{
"category": "general",
"text": "If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Thunderbird \u003c 68.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6794",
"url": "https://www.suse.com/security/cve/CVE-2020-6794"
},
{
"category": "external",
"summary": "SUSE Bug 1163368 for CVE-2020-6794",
"url": "https://bugzilla.suse.com/1163368"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6794"
},
{
"cve": "CVE-2020-6795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6795"
}
],
"notes": [
{
"category": "general",
"text": "When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash. This vulnerability affects Thunderbird \u003c 68.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6795",
"url": "https://www.suse.com/security/cve/CVE-2020-6795"
},
{
"category": "external",
"summary": "SUSE Bug 1163368 for CVE-2020-6795",
"url": "https://bugzilla.suse.com/1163368"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6795"
},
{
"cve": "CVE-2020-6797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6797"
}
],
"notes": [
{
"category": "general",
"text": "By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user\u0027s computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact. Note: this issue only occurs on Mac OSX. Other operating systems are unaffected. This vulnerability affects Thunderbird \u003c 68.5, Firefox \u003c 73, and Firefox \u003c ESR68.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6797",
"url": "https://www.suse.com/security/cve/CVE-2020-6797"
},
{
"category": "external",
"summary": "SUSE Bug 1163368 for CVE-2020-6797",
"url": "https://bugzilla.suse.com/1163368"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6797"
},
{
"cve": "CVE-2020-6798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6798"
}
],
"notes": [
{
"category": "general",
"text": "If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in browser or browser-like contexts. This vulnerability affects Thunderbird \u003c 68.5, Firefox \u003c 73, and Firefox \u003c ESR68.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6798",
"url": "https://www.suse.com/security/cve/CVE-2020-6798"
},
{
"category": "external",
"summary": "SUSE Bug 1163368 for CVE-2020-6798",
"url": "https://bugzilla.suse.com/1163368"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6798"
},
{
"cve": "CVE-2020-6800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6800"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. This vulnerability affects Thunderbird \u003c 68.5, Firefox \u003c 73, and Firefox \u003c ESR68.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6800",
"url": "https://www.suse.com/security/cve/CVE-2020-6800"
},
{
"category": "external",
"summary": "SUSE Bug 1163368 for CVE-2020-6800",
"url": "https://bugzilla.suse.com/1163368"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6800"
},
{
"cve": "CVE-2020-6805",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6805"
}
],
"notes": [
{
"category": "general",
"text": "When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.6, Firefox \u003c 74, Firefox \u003c ESR68.6, and Firefox ESR \u003c 68.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6805",
"url": "https://www.suse.com/security/cve/CVE-2020-6805"
},
{
"category": "external",
"summary": "SUSE Bug 1166238 for CVE-2020-6805",
"url": "https://bugzilla.suse.com/1166238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6805"
},
{
"cve": "CVE-2020-6806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6806"
}
],
"notes": [
{
"category": "general",
"text": "By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.6, Firefox \u003c 74, Firefox \u003c ESR68.6, and Firefox ESR \u003c 68.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6806",
"url": "https://www.suse.com/security/cve/CVE-2020-6806"
},
{
"category": "external",
"summary": "SUSE Bug 1166238 for CVE-2020-6806",
"url": "https://bugzilla.suse.com/1166238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6806"
},
{
"cve": "CVE-2020-6807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6807"
}
],
"notes": [
{
"category": "general",
"text": "When a device was changed while a stream was about to be destroyed, the \u003ccode\u003estream-reinit\u003c/code\u003e task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.6, Firefox \u003c 74, Firefox \u003c ESR68.6, and Firefox ESR \u003c 68.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6807",
"url": "https://www.suse.com/security/cve/CVE-2020-6807"
},
{
"category": "external",
"summary": "SUSE Bug 1166238 for CVE-2020-6807",
"url": "https://bugzilla.suse.com/1166238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6807"
},
{
"cve": "CVE-2020-6811",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6811"
}
],
"notes": [
{
"category": "general",
"text": "The \u0027Copy as cURL\u0027 feature of Devtools\u0027 network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the \u0027Copy as Curl\u0027 feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. This vulnerability affects Thunderbird \u003c 68.6, Firefox \u003c 74, Firefox \u003c ESR68.6, and Firefox ESR \u003c 68.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6811",
"url": "https://www.suse.com/security/cve/CVE-2020-6811"
},
{
"category": "external",
"summary": "SUSE Bug 1166238 for CVE-2020-6811",
"url": "https://bugzilla.suse.com/1166238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6811"
},
{
"cve": "CVE-2020-6812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6812"
}
],
"notes": [
{
"category": "general",
"text": "The first time AirPods are connected to an iPhone, they become named after the user\u0027s name by default (e.g. Jane Doe\u0027s AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user\u0027s name. To resolve this issue, Firefox added a special case that renames devices containing the substring \u0027AirPods\u0027 to simply \u0027AirPods\u0027. This vulnerability affects Thunderbird \u003c 68.6, Firefox \u003c 74, Firefox \u003c ESR68.6, and Firefox ESR \u003c 68.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6812",
"url": "https://www.suse.com/security/cve/CVE-2020-6812"
},
{
"category": "external",
"summary": "SUSE Bug 1166238 for CVE-2020-6812",
"url": "https://bugzilla.suse.com/1166238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6812"
},
{
"cve": "CVE-2020-6814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6814"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.6, Firefox \u003c 74, Firefox \u003c ESR68.6, and Firefox ESR \u003c 68.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6814",
"url": "https://www.suse.com/security/cve/CVE-2020-6814"
},
{
"category": "external",
"summary": "SUSE Bug 1166238 for CVE-2020-6814",
"url": "https://bugzilla.suse.com/1166238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6814"
},
{
"cve": "CVE-2020-6819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6819"
}
],
"notes": [
{
"category": "general",
"text": "Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird \u003c 68.7.0, Firefox \u003c 74.0.1, and Firefox ESR \u003c 68.6.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6819",
"url": "https://www.suse.com/security/cve/CVE-2020-6819"
},
{
"category": "external",
"summary": "SUSE Bug 1168630 for CVE-2020-6819",
"url": "https://bugzilla.suse.com/1168630"
},
{
"category": "external",
"summary": "SUSE Bug 1168874 for CVE-2020-6819",
"url": "https://bugzilla.suse.com/1168874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6819"
},
{
"cve": "CVE-2020-6820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6820"
}
],
"notes": [
{
"category": "general",
"text": "Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird \u003c 68.7.0, Firefox \u003c 74.0.1, and Firefox ESR \u003c 68.6.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6820",
"url": "https://www.suse.com/security/cve/CVE-2020-6820"
},
{
"category": "external",
"summary": "SUSE Bug 1168630 for CVE-2020-6820",
"url": "https://bugzilla.suse.com/1168630"
},
{
"category": "external",
"summary": "SUSE Bug 1168874 for CVE-2020-6820",
"url": "https://bugzilla.suse.com/1168874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6820"
},
{
"cve": "CVE-2020-6821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6821"
}
],
"notes": [
{
"category": "general",
"text": "When reading from areas partially or fully outside the source resource with WebGL\u0027s \u003ccode\u003ecopyTexSubImage\u003c/code\u003e method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird \u003c 68.7.0, Firefox ESR \u003c 68.7, and Firefox \u003c 75.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6821",
"url": "https://www.suse.com/security/cve/CVE-2020-6821"
},
{
"category": "external",
"summary": "SUSE Bug 1168630 for CVE-2020-6821",
"url": "https://bugzilla.suse.com/1168630"
},
{
"category": "external",
"summary": "SUSE Bug 1168874 for CVE-2020-6821",
"url": "https://bugzilla.suse.com/1168874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6821"
},
{
"cve": "CVE-2020-6822",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6822"
}
],
"notes": [
{
"category": "general",
"text": "On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in \u003ccode\u003eGMPDecodeData\u003c/code\u003e. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.7.0, Firefox ESR \u003c 68.7, and Firefox \u003c 75.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6822",
"url": "https://www.suse.com/security/cve/CVE-2020-6822"
},
{
"category": "external",
"summary": "SUSE Bug 1168630 for CVE-2020-6822",
"url": "https://bugzilla.suse.com/1168630"
},
{
"category": "external",
"summary": "SUSE Bug 1168874 for CVE-2020-6822",
"url": "https://bugzilla.suse.com/1168874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6822"
},
{
"cve": "CVE-2020-6825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6825"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 68.7.0, Firefox ESR \u003c 68.7, and Firefox \u003c 75.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6825",
"url": "https://www.suse.com/security/cve/CVE-2020-6825"
},
{
"category": "external",
"summary": "SUSE Bug 1168630 for CVE-2020-6825",
"url": "https://bugzilla.suse.com/1168630"
},
{
"category": "external",
"summary": "SUSE Bug 1168874 for CVE-2020-6825",
"url": "https://bugzilla.suse.com/1168874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6825"
},
{
"cve": "CVE-2020-6831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-6831"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 68.8, Firefox \u003c 76, and Thunderbird \u003c 68.8.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-6831",
"url": "https://www.suse.com/security/cve/CVE-2020-6831"
},
{
"category": "external",
"summary": "SUSE Bug 1171186 for CVE-2020-6831",
"url": "https://bugzilla.suse.com/1171186"
},
{
"category": "external",
"summary": "SUSE Bug 1171247 for CVE-2020-6831",
"url": "https://bugzilla.suse.com/1171247"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-6831"
},
{
"cve": "CVE-2021-23953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23953"
}
],
"notes": [
{
"category": "general",
"text": "If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox \u003c 85, Thunderbird \u003c 78.7, and Firefox ESR \u003c 78.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23953",
"url": "https://www.suse.com/security/cve/CVE-2021-23953"
},
{
"category": "external",
"summary": "SUSE Bug 1181414 for CVE-2021-23953",
"url": "https://bugzilla.suse.com/1181414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23953"
},
{
"cve": "CVE-2021-23954",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23954"
}
],
"notes": [
{
"category": "general",
"text": "Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox \u003c 85, Thunderbird \u003c 78.7, and Firefox ESR \u003c 78.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23954",
"url": "https://www.suse.com/security/cve/CVE-2021-23954"
},
{
"category": "external",
"summary": "SUSE Bug 1181414 for CVE-2021-23954",
"url": "https://bugzilla.suse.com/1181414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23954"
},
{
"cve": "CVE-2021-23960",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23960"
}
],
"notes": [
{
"category": "general",
"text": "Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox \u003c 85, Thunderbird \u003c 78.7, and Firefox ESR \u003c 78.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23960",
"url": "https://www.suse.com/security/cve/CVE-2021-23960"
},
{
"category": "external",
"summary": "SUSE Bug 1181414 for CVE-2021-23960",
"url": "https://bugzilla.suse.com/1181414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23960"
},
{
"cve": "CVE-2021-23961",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23961"
}
],
"notes": [
{
"category": "general",
"text": "Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network\u0027s hosts as well as services running on the user\u0027s local machine. This vulnerability affects Firefox \u003c 85.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23961",
"url": "https://www.suse.com/security/cve/CVE-2021-23961"
},
{
"category": "external",
"summary": "SUSE Bug 1184960 for CVE-2021-23961",
"url": "https://bugzilla.suse.com/1184960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23961"
},
{
"cve": "CVE-2021-23964",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23964"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 85, Thunderbird \u003c 78.7, and Firefox ESR \u003c 78.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23964",
"url": "https://www.suse.com/security/cve/CVE-2021-23964"
},
{
"category": "external",
"summary": "SUSE Bug 1181414 for CVE-2021-23964",
"url": "https://bugzilla.suse.com/1181414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23964"
},
{
"cve": "CVE-2021-23968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23968"
}
],
"notes": [
{
"category": "general",
"text": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23968",
"url": "https://www.suse.com/security/cve/CVE-2021-23968"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23968",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23968"
},
{
"cve": "CVE-2021-23969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23969"
}
],
"notes": [
{
"category": "general",
"text": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u0027s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23969",
"url": "https://www.suse.com/security/cve/CVE-2021-23969"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23969",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23969"
},
{
"cve": "CVE-2021-23973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23973"
}
],
"notes": [
{
"category": "general",
"text": "When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23973",
"url": "https://www.suse.com/security/cve/CVE-2021-23973"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23973",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23973"
},
{
"cve": "CVE-2021-23978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23978"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23978",
"url": "https://www.suse.com/security/cve/CVE-2021-23978"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23978",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23978"
},
{
"cve": "CVE-2021-23981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23981"
}
],
"notes": [
{
"category": "general",
"text": "A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23981",
"url": "https://www.suse.com/security/cve/CVE-2021-23981"
},
{
"category": "external",
"summary": "SUSE Bug 1183942 for CVE-2021-23981",
"url": "https://bugzilla.suse.com/1183942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23981"
},
{
"cve": "CVE-2021-23982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23982"
}
],
"notes": [
{
"category": "general",
"text": "Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network\u0027s hosts as well as services running on the user\u0027s local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23982",
"url": "https://www.suse.com/security/cve/CVE-2021-23982"
},
{
"category": "external",
"summary": "SUSE Bug 1183942 for CVE-2021-23982",
"url": "https://bugzilla.suse.com/1183942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23982"
},
{
"cve": "CVE-2021-23984",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23984"
}
],
"notes": [
{
"category": "general",
"text": "A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23984",
"url": "https://www.suse.com/security/cve/CVE-2021-23984"
},
{
"category": "external",
"summary": "SUSE Bug 1183942 for CVE-2021-23984",
"url": "https://bugzilla.suse.com/1183942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23984"
},
{
"cve": "CVE-2021-23987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23987"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23987",
"url": "https://www.suse.com/security/cve/CVE-2021-23987"
},
{
"category": "external",
"summary": "SUSE Bug 1183942 for CVE-2021-23987",
"url": "https://bugzilla.suse.com/1183942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23987"
},
{
"cve": "CVE-2021-23991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23991"
}
],
"notes": [
{
"category": "general",
"text": "If a Thunderbird user has previously imported Alice\u0027s OpenPGP key, and Alice has extended the validity period of her key, but Alice\u0027s updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice\u0027s key with an invalid subkey, Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send encrypted email to Alice. This vulnerability affects Thunderbird \u003c 78.9.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23991",
"url": "https://www.suse.com/security/cve/CVE-2021-23991"
},
{
"category": "external",
"summary": "SUSE Bug 1184536 for CVE-2021-23991",
"url": "https://bugzilla.suse.com/1184536"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-23991"
},
{
"cve": "CVE-2021-23993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23993"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid subkey, but the RNP library rejects it from being used, causing encryption to fail. This vulnerability affects Thunderbird \u003c 78.9.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23993",
"url": "https://www.suse.com/security/cve/CVE-2021-23993"
},
{
"category": "external",
"summary": "SUSE Bug 1184536 for CVE-2021-23993",
"url": "https://bugzilla.suse.com/1184536"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-23993"
},
{
"cve": "CVE-2021-23994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23994"
}
],
"notes": [
{
"category": "general",
"text": "A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR \u003c 78.10, Thunderbird \u003c 78.10, and Firefox \u003c 88.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23994",
"url": "https://www.suse.com/security/cve/CVE-2021-23994"
},
{
"category": "external",
"summary": "SUSE Bug 1184960 for CVE-2021-23994",
"url": "https://bugzilla.suse.com/1184960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23994"
},
{
"cve": "CVE-2021-23995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23995"
}
],
"notes": [
{
"category": "general",
"text": "When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 78.10, Thunderbird \u003c 78.10, and Firefox \u003c 88.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23995",
"url": "https://www.suse.com/security/cve/CVE-2021-23995"
},
{
"category": "external",
"summary": "SUSE Bug 1184960 for CVE-2021-23995",
"url": "https://bugzilla.suse.com/1184960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23995"
},
{
"cve": "CVE-2021-23998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23998"
}
],
"notes": [
{
"category": "general",
"text": "Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR \u003c 78.10, Thunderbird \u003c 78.10, and Firefox \u003c 88.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23998",
"url": "https://www.suse.com/security/cve/CVE-2021-23998"
},
{
"category": "external",
"summary": "SUSE Bug 1184960 for CVE-2021-23998",
"url": "https://bugzilla.suse.com/1184960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23998"
},
{
"cve": "CVE-2021-23999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23999"
}
],
"notes": [
{
"category": "general",
"text": "If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR \u003c 78.10, Thunderbird \u003c 78.10, and Firefox \u003c 88.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23999",
"url": "https://www.suse.com/security/cve/CVE-2021-23999"
},
{
"category": "external",
"summary": "SUSE Bug 1184960 for CVE-2021-23999",
"url": "https://bugzilla.suse.com/1184960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23999"
},
{
"cve": "CVE-2021-24002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-24002"
}
],
"notes": [
{
"category": "general",
"text": "When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR \u003c 78.10, Thunderbird \u003c 78.10, and Firefox \u003c 88.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-24002",
"url": "https://www.suse.com/security/cve/CVE-2021-24002"
},
{
"category": "external",
"summary": "SUSE Bug 1184960 for CVE-2021-24002",
"url": "https://bugzilla.suse.com/1184960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-24002"
},
{
"cve": "CVE-2021-29945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29945"
}
],
"notes": [
{
"category": "general",
"text": "The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffected.*. This vulnerability affects Firefox ESR \u003c 78.10, Thunderbird \u003c 78.10, and Firefox \u003c 88.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29945",
"url": "https://www.suse.com/security/cve/CVE-2021-29945"
},
{
"category": "external",
"summary": "SUSE Bug 1184960 for CVE-2021-29945",
"url": "https://bugzilla.suse.com/1184960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29945"
},
{
"cve": "CVE-2021-29946",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29946"
}
],
"notes": [
{
"category": "general",
"text": "Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR \u003c 78.10, Thunderbird \u003c 78.10, and Firefox \u003c 88.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29946",
"url": "https://www.suse.com/security/cve/CVE-2021-29946"
},
{
"category": "external",
"summary": "SUSE Bug 1184960 for CVE-2021-29946",
"url": "https://bugzilla.suse.com/1184960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29946"
},
{
"cve": "CVE-2021-29948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29948"
}
],
"notes": [
{
"category": "general",
"text": "Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects Thunderbird \u003c 78.10.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29948",
"url": "https://www.suse.com/security/cve/CVE-2021-29948"
},
{
"category": "external",
"summary": "SUSE Bug 1184960 for CVE-2021-29948",
"url": "https://bugzilla.suse.com/1184960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29948"
},
{
"cve": "CVE-2021-29956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29956"
}
],
"notes": [
{
"category": "general",
"text": "OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user\u0027s local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird \u003c 78.10.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29956",
"url": "https://www.suse.com/security/cve/CVE-2021-29956"
},
{
"category": "external",
"summary": "SUSE Bug 1186199 for CVE-2021-29956",
"url": "https://bugzilla.suse.com/1186199"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-29956"
},
{
"cve": "CVE-2021-29957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29957"
}
],
"notes": [
{
"category": "general",
"text": "If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird \u003c 78.10.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29957",
"url": "https://www.suse.com/security/cve/CVE-2021-29957"
},
{
"category": "external",
"summary": "SUSE Bug 1186198 for CVE-2021-29957",
"url": "https://bugzilla.suse.com/1186198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-29957"
},
{
"cve": "CVE-2021-29964",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29964"
}
],
"notes": [
{
"category": "general",
"text": "A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird \u003c 78.11, Firefox \u003c 89, and Firefox ESR \u003c 78.11.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29964",
"url": "https://www.suse.com/security/cve/CVE-2021-29964"
},
{
"category": "external",
"summary": "SUSE Bug 1186696 for CVE-2021-29964",
"url": "https://bugzilla.suse.com/1186696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29964"
},
{
"cve": "CVE-2021-29967",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29967"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.11, Firefox \u003c 89, and Firefox ESR \u003c 78.11.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29967",
"url": "https://www.suse.com/security/cve/CVE-2021-29967"
},
{
"category": "external",
"summary": "SUSE Bug 1186696 for CVE-2021-29967",
"url": "https://bugzilla.suse.com/1186696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29967"
},
{
"cve": "CVE-2021-29969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29969"
}
],
"notes": [
{
"category": "general",
"text": "If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn\u0027t ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn\u0027t exist on the IMAP server. This vulnerability affects Thunderbird \u003c 78.12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29969",
"url": "https://www.suse.com/security/cve/CVE-2021-29969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29969"
},
{
"cve": "CVE-2021-29970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29970"
}
],
"notes": [
{
"category": "general",
"text": "A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29970",
"url": "https://www.suse.com/security/cve/CVE-2021-29970"
},
{
"category": "external",
"summary": "SUSE Bug 1188275 for CVE-2021-29970",
"url": "https://bugzilla.suse.com/1188275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29970"
},
{
"cve": "CVE-2021-29976",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29976"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29976",
"url": "https://www.suse.com/security/cve/CVE-2021-29976"
},
{
"category": "external",
"summary": "SUSE Bug 1188275 for CVE-2021-29976",
"url": "https://bugzilla.suse.com/1188275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29976"
},
{
"cve": "CVE-2021-29980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29980"
}
],
"notes": [
{
"category": "general",
"text": "Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 78.13, Thunderbird \u003c 91, Firefox ESR \u003c 78.13, and Firefox \u003c 91.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29980",
"url": "https://www.suse.com/security/cve/CVE-2021-29980"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29980"
},
{
"cve": "CVE-2021-29984",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29984"
}
],
"notes": [
{
"category": "general",
"text": "Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 78.13, Thunderbird \u003c 91, Firefox ESR \u003c 78.13, and Firefox \u003c 91.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29984",
"url": "https://www.suse.com/security/cve/CVE-2021-29984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29984"
},
{
"cve": "CVE-2021-29985",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29985"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 78.13, Thunderbird \u003c 91, Firefox ESR \u003c 78.13, and Firefox \u003c 91.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29985",
"url": "https://www.suse.com/security/cve/CVE-2021-29985"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29985"
},
{
"cve": "CVE-2021-29986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29986"
}
],
"notes": [
{
"category": "general",
"text": "A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird \u003c 78.13, Thunderbird \u003c 91, Firefox ESR \u003c 78.13, and Firefox \u003c 91.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29986",
"url": "https://www.suse.com/security/cve/CVE-2021-29986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29986"
},
{
"cve": "CVE-2021-29988",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29988"
}
],
"notes": [
{
"category": "general",
"text": "Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 78.13, Thunderbird \u003c 91, Firefox ESR \u003c 78.13, and Firefox \u003c 91.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29988",
"url": "https://www.suse.com/security/cve/CVE-2021-29988"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29988"
},
{
"cve": "CVE-2021-29989",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29989"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.13, Firefox ESR \u003c 78.13, and Firefox \u003c 91.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29989",
"url": "https://www.suse.com/security/cve/CVE-2021-29989"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29989"
},
{
"cve": "CVE-2021-29991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29991"
}
],
"notes": [
{
"category": "general",
"text": "Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox \u003c 91.0.1 and Thunderbird \u003c 91.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29991",
"url": "https://www.suse.com/security/cve/CVE-2021-29991"
},
{
"category": "external",
"summary": "SUSE Bug 1189547 for CVE-2021-29991",
"url": "https://bugzilla.suse.com/1189547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29991"
},
{
"cve": "CVE-2021-30547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30547"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30547",
"url": "https://www.suse.com/security/cve/CVE-2021-30547"
},
{
"category": "external",
"summary": "SUSE Bug 1187141 for CVE-2021-30547",
"url": "https://bugzilla.suse.com/1187141"
},
{
"category": "external",
"summary": "SUSE Bug 1188275 for CVE-2021-30547",
"url": "https://bugzilla.suse.com/1188275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-30547"
},
{
"cve": "CVE-2021-38492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38492"
}
],
"notes": [
{
"category": "general",
"text": "When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 92, Thunderbird \u003c 91.1, Thunderbird \u003c 78.14, Firefox ESR \u003c 78.14, and Firefox ESR \u003c 91.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38492",
"url": "https://www.suse.com/security/cve/CVE-2021-38492"
},
{
"category": "external",
"summary": "SUSE Bug 1190269 for CVE-2021-38492",
"url": "https://bugzilla.suse.com/1190269"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-38492"
},
{
"cve": "CVE-2021-38495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38495"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 91.1 and Firefox ESR \u003c 91.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38495",
"url": "https://www.suse.com/security/cve/CVE-2021-38495"
},
{
"category": "external",
"summary": "SUSE Bug 1190269 for CVE-2021-38495",
"url": "https://bugzilla.suse.com/1190269"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-common-91.1.1-1.1.x86_64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.aarch64",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.s390x",
"openSUSE Tumbleweed:MozillaThunderbird-translations-other-91.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-38495"
}
]
}
OPENSUSE-SU-2024:14572-1
Vulnerability from csaf_opensuse - Published: 2024-12-12 00:00 - Updated: 2024-12-12 00:00Summary
firefox-esr-128.5.1-1.1 on GA media
Notes
Title of the patch
firefox-esr-128.5.1-1.1 on GA media
Description of the patch
These are all security issues fixed in the firefox-esr-128.5.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14572
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).