suse-su-2016:0909-1
Vulnerability from csaf_suse
Published
2016-03-30 10:06
Modified
2016-03-30 10:06
Summary
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss
Notes
Title of the patch
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss
Description of the patch
This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues:
Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894), fixing
following security issues:
* MFSA 2016-16/CVE-2016-1952/CVE-2016-1953
Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)
* MFSA 2016-17/CVE-2016-1954
Local file overwriting and potential privilege escalation
through CSP reports
* MFSA 2016-20/CVE-2016-1957
Memory leak in libstagefright when deleting an array during
MP4 processing
* MFSA 2016-21/CVE-2016-1958
Displayed page address can be overridden
* MFSA 2016-23/CVE-2016-1960
Use-after-free in HTML5 string parser
* MFSA 2016-24/CVE-2016-1961
Use-after-free in SetBody
* MFSA 2016-25/CVE-2016-1962
Use-after-free when using multiple WebRTC data channels
* MFSA 2016-27/CVE-2016-1964
Use-after-free during XML transformations
* MFSA 2016-28/CVE-2016-1965
Addressbar spoofing though history navigation and Location
protocol property
* MFSA 2016-31/CVE-2016-1966
Memory corruption with malicious NPAPI plugin
* MFSA 2016-34/CVE-2016-1974
Out-of-bounds read in HTML parser following a failed
allocation
* MFSA 2016-35/CVE-2016-1950
Buffer overflow during ASN.1 decoding in NSS
* MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
Font vulnerabilities in the Graphite 2 library
Mozilla NSPR was updated to version 4.12 (bsc#969894), fixing following bugs:
* added a PR_GetEnvSecure function, which attempts to detect if
the program is being executed with elevated privileges, and
returns NULL if detected. It is recommended to use this function
in general purpose library code.
* fixed a memory allocation bug related to the PR_*printf functions
* exported API PR_DuplicateEnvironment, which had already been
added in NSPR 4.10.9
* added support for FreeBSD aarch64
* several minor correctness and compatibility fixes
Mozilla NSS was updated to fix security issues (bsc#969894):
* MFSA 2016-15/CVE-2016-1978
Use-after-free in NSS during SSL connections in low memory
* MFSA 2016-35/CVE-2016-1950
Buffer overflow during ASN.1 decoding in NSS
* MFSA 2016-36/CVE-2016-1979
Use-after-free during processing of DER encoded keys in NSS
Patchnames
slessp2-firefox-20160310-12483
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaFirefox, mozilla-nspr, mozilla-nss",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues:\n\nMozilla Firefox was updated to 38.7.0 ESR (bsc#969894), fixing\nfollowing security issues:\n* MFSA 2016-16/CVE-2016-1952/CVE-2016-1953\n Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)\n* MFSA 2016-17/CVE-2016-1954\n Local file overwriting and potential privilege escalation\n through CSP reports\n* MFSA 2016-20/CVE-2016-1957\n Memory leak in libstagefright when deleting an array during\n MP4 processing\n* MFSA 2016-21/CVE-2016-1958\n Displayed page address can be overridden\n* MFSA 2016-23/CVE-2016-1960\n Use-after-free in HTML5 string parser\n* MFSA 2016-24/CVE-2016-1961\n Use-after-free in SetBody\n* MFSA 2016-25/CVE-2016-1962\n Use-after-free when using multiple WebRTC data channels\n* MFSA 2016-27/CVE-2016-1964\n Use-after-free during XML transformations\n* MFSA 2016-28/CVE-2016-1965\n Addressbar spoofing though history navigation and Location\n protocol property\n* MFSA 2016-31/CVE-2016-1966\n Memory corruption with malicious NPAPI plugin\n* MFSA 2016-34/CVE-2016-1974\n Out-of-bounds read in HTML parser following a failed\n allocation\n* MFSA 2016-35/CVE-2016-1950\n Buffer overflow during ASN.1 decoding in NSS\n* MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n CVE-2016-2800/CVE-2016-2801/CVE-2016-2802\n Font vulnerabilities in the Graphite 2 library\n\nMozilla NSPR was updated to version 4.12 (bsc#969894), fixing following bugs:\n* added a PR_GetEnvSecure function, which attempts to detect if\n the program is being executed with elevated privileges, and\n returns NULL if detected. It is recommended to use this function\n in general purpose library code.\n* fixed a memory allocation bug related to the PR_*printf functions\n* exported API PR_DuplicateEnvironment, which had already been\n added in NSPR 4.10.9\n* added support for FreeBSD aarch64\n* several minor correctness and compatibility fixes\n\nMozilla NSS was updated to fix security issues (bsc#969894):\n* MFSA 2016-15/CVE-2016-1978\n Use-after-free in NSS during SSL connections in low memory\n* MFSA 2016-35/CVE-2016-1950\n Buffer overflow during ASN.1 decoding in NSS\n* MFSA 2016-36/CVE-2016-1979\n Use-after-free during processing of DER encoded keys in NSS\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slessp2-firefox-20160310-12483",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_0909-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:0909-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160909-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:0909-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-March/001971.html"
},
{
"category": "self",
"summary": "SUSE Bug 969894",
"url": "https://bugzilla.suse.com/969894"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1950 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1952 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1952/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1953 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1954 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1954/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1957 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1958 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1960 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1960/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1961 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1961/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1962 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1964 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1964/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1965 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1965/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1966 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1974 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1977 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1977/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1978 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1979 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2790 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2791 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2792 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2793 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2793/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2794 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2795 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2796 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2797 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2798 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2799 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2800 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2801 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2801/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2802 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2802/"
}
],
"title": "Security update for MozillaFirefox, mozilla-nspr, mozilla-nss",
"tracking": {
"current_release_date": "2016-03-30T10:06:02Z",
"generator": {
"date": "2016-03-30T10:06:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:0909-1",
"initial_release_date": "2016-03-30T10:06:02Z",
"revision_history": [
{
"date": "2016-03-30T10:06:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-38.7.0esr-36.3.i586",
"product": {
"name": "MozillaFirefox-38.7.0esr-36.3.i586",
"product_id": "MozillaFirefox-38.7.0esr-36.3.i586"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-38.7.0esr-36.3.i586",
"product": {
"name": "MozillaFirefox-translations-38.7.0esr-36.3.i586",
"product_id": "MozillaFirefox-translations-38.7.0esr-36.3.i586"
}
},
{
"category": "product_version",
"name": "libfreebl3-3.20.2-20.1.i586",
"product": {
"name": "libfreebl3-3.20.2-20.1.i586",
"product_id": "libfreebl3-3.20.2-20.1.i586"
}
},
{
"category": "product_version",
"name": "mozilla-nspr-4.12-19.1.i586",
"product": {
"name": "mozilla-nspr-4.12-19.1.i586",
"product_id": "mozilla-nspr-4.12-19.1.i586"
}
},
{
"category": "product_version",
"name": "mozilla-nspr-devel-4.12-19.1.i586",
"product": {
"name": "mozilla-nspr-devel-4.12-19.1.i586",
"product_id": "mozilla-nspr-devel-4.12-19.1.i586"
}
},
{
"category": "product_version",
"name": "mozilla-nss-3.20.2-20.1.i586",
"product": {
"name": "mozilla-nss-3.20.2-20.1.i586",
"product_id": "mozilla-nss-3.20.2-20.1.i586"
}
},
{
"category": "product_version",
"name": "mozilla-nss-devel-3.20.2-20.1.i586",
"product": {
"name": "mozilla-nss-devel-3.20.2-20.1.i586",
"product_id": "mozilla-nss-devel-3.20.2-20.1.i586"
}
},
{
"category": "product_version",
"name": "mozilla-nss-tools-3.20.2-20.1.i586",
"product": {
"name": "mozilla-nss-tools-3.20.2-20.1.i586",
"product_id": "mozilla-nss-tools-3.20.2-20.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-38.7.0esr-36.3.s390x",
"product": {
"name": "MozillaFirefox-38.7.0esr-36.3.s390x",
"product_id": "MozillaFirefox-38.7.0esr-36.3.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"product": {
"name": "MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"product_id": "MozillaFirefox-translations-38.7.0esr-36.3.s390x"
}
},
{
"category": "product_version",
"name": "libfreebl3-3.20.2-20.1.s390x",
"product": {
"name": "libfreebl3-3.20.2-20.1.s390x",
"product_id": "libfreebl3-3.20.2-20.1.s390x"
}
},
{
"category": "product_version",
"name": "libfreebl3-32bit-3.20.2-20.1.s390x",
"product": {
"name": "libfreebl3-32bit-3.20.2-20.1.s390x",
"product_id": "libfreebl3-32bit-3.20.2-20.1.s390x"
}
},
{
"category": "product_version",
"name": "mozilla-nspr-4.12-19.1.s390x",
"product": {
"name": "mozilla-nspr-4.12-19.1.s390x",
"product_id": "mozilla-nspr-4.12-19.1.s390x"
}
},
{
"category": "product_version",
"name": "mozilla-nspr-32bit-4.12-19.1.s390x",
"product": {
"name": "mozilla-nspr-32bit-4.12-19.1.s390x",
"product_id": "mozilla-nspr-32bit-4.12-19.1.s390x"
}
},
{
"category": "product_version",
"name": "mozilla-nspr-devel-4.12-19.1.s390x",
"product": {
"name": "mozilla-nspr-devel-4.12-19.1.s390x",
"product_id": "mozilla-nspr-devel-4.12-19.1.s390x"
}
},
{
"category": "product_version",
"name": "mozilla-nss-3.20.2-20.1.s390x",
"product": {
"name": "mozilla-nss-3.20.2-20.1.s390x",
"product_id": "mozilla-nss-3.20.2-20.1.s390x"
}
},
{
"category": "product_version",
"name": "mozilla-nss-32bit-3.20.2-20.1.s390x",
"product": {
"name": "mozilla-nss-32bit-3.20.2-20.1.s390x",
"product_id": "mozilla-nss-32bit-3.20.2-20.1.s390x"
}
},
{
"category": "product_version",
"name": "mozilla-nss-devel-3.20.2-20.1.s390x",
"product": {
"name": "mozilla-nss-devel-3.20.2-20.1.s390x",
"product_id": "mozilla-nss-devel-3.20.2-20.1.s390x"
}
},
{
"category": "product_version",
"name": "mozilla-nss-tools-3.20.2-20.1.s390x",
"product": {
"name": "mozilla-nss-tools-3.20.2-20.1.s390x",
"product_id": "mozilla-nss-tools-3.20.2-20.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-38.7.0esr-36.3.x86_64",
"product": {
"name": "MozillaFirefox-38.7.0esr-36.3.x86_64",
"product_id": "MozillaFirefox-38.7.0esr-36.3.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"product": {
"name": "MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"product_id": "MozillaFirefox-translations-38.7.0esr-36.3.x86_64"
}
},
{
"category": "product_version",
"name": "libfreebl3-3.20.2-20.1.x86_64",
"product": {
"name": "libfreebl3-3.20.2-20.1.x86_64",
"product_id": "libfreebl3-3.20.2-20.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfreebl3-32bit-3.20.2-20.1.x86_64",
"product": {
"name": "libfreebl3-32bit-3.20.2-20.1.x86_64",
"product_id": "libfreebl3-32bit-3.20.2-20.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nspr-4.12-19.1.x86_64",
"product": {
"name": "mozilla-nspr-4.12-19.1.x86_64",
"product_id": "mozilla-nspr-4.12-19.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nspr-32bit-4.12-19.1.x86_64",
"product": {
"name": "mozilla-nspr-32bit-4.12-19.1.x86_64",
"product_id": "mozilla-nspr-32bit-4.12-19.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nspr-devel-4.12-19.1.x86_64",
"product": {
"name": "mozilla-nspr-devel-4.12-19.1.x86_64",
"product_id": "mozilla-nspr-devel-4.12-19.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nss-3.20.2-20.1.x86_64",
"product": {
"name": "mozilla-nss-3.20.2-20.1.x86_64",
"product_id": "mozilla-nss-3.20.2-20.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nss-32bit-3.20.2-20.1.x86_64",
"product": {
"name": "mozilla-nss-32bit-3.20.2-20.1.x86_64",
"product_id": "mozilla-nss-32bit-3.20.2-20.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nss-devel-3.20.2-20.1.x86_64",
"product": {
"name": "mozilla-nss-devel-3.20.2-20.1.x86_64",
"product_id": "mozilla-nss-devel-3.20.2-20.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nss-tools-3.20.2-20.1.x86_64",
"product": {
"name": "mozilla-nss-tools-3.20.2-20.1.x86_64",
"product_id": "mozilla-nss-tools-3.20.2-20.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles_ltss:11:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-38.7.0esr-36.3.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586"
},
"product_reference": "MozillaFirefox-38.7.0esr-36.3.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-38.7.0esr-36.3.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x"
},
"product_reference": "MozillaFirefox-38.7.0esr-36.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-38.7.0esr-36.3.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64"
},
"product_reference": "MozillaFirefox-38.7.0esr-36.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-38.7.0esr-36.3.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586"
},
"product_reference": "MozillaFirefox-translations-38.7.0esr-36.3.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-38.7.0esr-36.3.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x"
},
"product_reference": "MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-38.7.0esr-36.3.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64"
},
"product_reference": "MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreebl3-3.20.2-20.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586"
},
"product_reference": "libfreebl3-3.20.2-20.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreebl3-3.20.2-20.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x"
},
"product_reference": "libfreebl3-3.20.2-20.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreebl3-3.20.2-20.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64"
},
"product_reference": "libfreebl3-3.20.2-20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreebl3-32bit-3.20.2-20.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x"
},
"product_reference": "libfreebl3-32bit-3.20.2-20.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreebl3-32bit-3.20.2-20.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64"
},
"product_reference": "libfreebl3-32bit-3.20.2-20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nspr-4.12-19.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586"
},
"product_reference": "mozilla-nspr-4.12-19.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nspr-4.12-19.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x"
},
"product_reference": "mozilla-nspr-4.12-19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nspr-4.12-19.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64"
},
"product_reference": "mozilla-nspr-4.12-19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nspr-32bit-4.12-19.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x"
},
"product_reference": "mozilla-nspr-32bit-4.12-19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nspr-32bit-4.12-19.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64"
},
"product_reference": "mozilla-nspr-32bit-4.12-19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nspr-devel-4.12-19.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586"
},
"product_reference": "mozilla-nspr-devel-4.12-19.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nspr-devel-4.12-19.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x"
},
"product_reference": "mozilla-nspr-devel-4.12-19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nspr-devel-4.12-19.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64"
},
"product_reference": "mozilla-nspr-devel-4.12-19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-3.20.2-20.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586"
},
"product_reference": "mozilla-nss-3.20.2-20.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-3.20.2-20.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x"
},
"product_reference": "mozilla-nss-3.20.2-20.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-3.20.2-20.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64"
},
"product_reference": "mozilla-nss-3.20.2-20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-32bit-3.20.2-20.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x"
},
"product_reference": "mozilla-nss-32bit-3.20.2-20.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-32bit-3.20.2-20.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64"
},
"product_reference": "mozilla-nss-32bit-3.20.2-20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-devel-3.20.2-20.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586"
},
"product_reference": "mozilla-nss-devel-3.20.2-20.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-devel-3.20.2-20.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x"
},
"product_reference": "mozilla-nss-devel-3.20.2-20.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-devel-3.20.2-20.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64"
},
"product_reference": "mozilla-nss-devel-3.20.2-20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-tools-3.20.2-20.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586"
},
"product_reference": "mozilla-nss-tools-3.20.2-20.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-tools-3.20.2-20.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x"
},
"product_reference": "mozilla-nss-tools-3.20.2-20.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-tools-3.20.2-20.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
},
"product_reference": "mozilla-nss-tools-3.20.2-20.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-1950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1950"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1950",
"url": "https://www.suse.com/security/cve/CVE-2016-1950"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1950",
"url": "https://bugzilla.suse.com/969894"
},
{
"category": "external",
"summary": "SUSE Bug 970257 for CVE-2016-1950",
"url": "https://bugzilla.suse.com/970257"
},
{
"category": "external",
"summary": "SUSE Bug 970377 for CVE-2016-1950",
"url": "https://bugzilla.suse.com/970377"
},
{
"category": "external",
"summary": "SUSE Bug 970378 for CVE-2016-1950",
"url": "https://bugzilla.suse.com/970378"
},
{
"category": "external",
"summary": "SUSE Bug 970379 for CVE-2016-1950",
"url": "https://bugzilla.suse.com/970379"
},
{
"category": "external",
"summary": "SUSE Bug 970380 for CVE-2016-1950",
"url": "https://bugzilla.suse.com/970380"
},
{
"category": "external",
"summary": "SUSE Bug 970381 for CVE-2016-1950",
"url": "https://bugzilla.suse.com/970381"
},
{
"category": "external",
"summary": "SUSE Bug 970431 for CVE-2016-1950",
"url": "https://bugzilla.suse.com/970431"
},
{
"category": "external",
"summary": "SUSE Bug 970433 for CVE-2016-1950",
"url": "https://bugzilla.suse.com/970433"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "important"
}
],
"title": "CVE-2016-1950"
},
{
"cve": "CVE-2016-1952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1952"
}
],
"notes": [
{
"category": "general",
"text": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1952",
"url": "https://www.suse.com/security/cve/CVE-2016-1952"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1952",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "important"
}
],
"title": "CVE-2016-1952"
},
{
"cve": "CVE-2016-1953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1953"
}
],
"notes": [
{
"category": "general",
"text": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1953",
"url": "https://www.suse.com/security/cve/CVE-2016-1953"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1953",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "important"
}
],
"title": "CVE-2016-1953"
},
{
"cve": "CVE-2016-1954",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1954"
}
],
"notes": [
{
"category": "general",
"text": "The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1954",
"url": "https://www.suse.com/security/cve/CVE-2016-1954"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1954",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "important"
}
],
"title": "CVE-2016-1954"
},
{
"cve": "CVE-2016-1957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1957"
}
],
"notes": [
{
"category": "general",
"text": "Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1957",
"url": "https://www.suse.com/security/cve/CVE-2016-1957"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1957",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "moderate"
}
],
"title": "CVE-2016-1957"
},
{
"cve": "CVE-2016-1958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1958"
}
],
"notes": [
{
"category": "general",
"text": "browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1958",
"url": "https://www.suse.com/security/cve/CVE-2016-1958"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1958",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "moderate"
}
],
"title": "CVE-2016-1958"
},
{
"cve": "CVE-2016-1960",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1960"
}
],
"notes": [
{
"category": "general",
"text": "Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1960",
"url": "https://www.suse.com/security/cve/CVE-2016-1960"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1960",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "important"
}
],
"title": "CVE-2016-1960"
},
{
"cve": "CVE-2016-1961",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1961"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1961",
"url": "https://www.suse.com/security/cve/CVE-2016-1961"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1961",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "important"
}
],
"title": "CVE-2016-1961"
},
{
"cve": "CVE-2016-1962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1962"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1962",
"url": "https://www.suse.com/security/cve/CVE-2016-1962"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1962",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "critical"
}
],
"title": "CVE-2016-1962"
},
{
"cve": "CVE-2016-1964",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1964"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1964",
"url": "https://www.suse.com/security/cve/CVE-2016-1964"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1964",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "important"
}
],
"title": "CVE-2016-1964"
},
{
"cve": "CVE-2016-1965",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1965"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1965",
"url": "https://www.suse.com/security/cve/CVE-2016-1965"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1965",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "moderate"
}
],
"title": "CVE-2016-1965"
},
{
"cve": "CVE-2016-1966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1966"
}
],
"notes": [
{
"category": "general",
"text": "The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1966",
"url": "https://www.suse.com/security/cve/CVE-2016-1966"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1966",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "important"
}
],
"title": "CVE-2016-1966"
},
{
"cve": "CVE-2016-1974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1974"
}
],
"notes": [
{
"category": "general",
"text": "The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1974",
"url": "https://www.suse.com/security/cve/CVE-2016-1974"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1974",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "important"
}
],
"title": "CVE-2016-1974"
},
{
"cve": "CVE-2016-1977",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1977"
}
],
"notes": [
{
"category": "general",
"text": "The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1977",
"url": "https://www.suse.com/security/cve/CVE-2016-1977"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1977",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "important"
}
],
"title": "CVE-2016-1977"
},
{
"cve": "CVE-2016-1978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1978"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1978",
"url": "https://www.suse.com/security/cve/CVE-2016-1978"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1978",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "important"
}
],
"title": "CVE-2016-1978"
},
{
"cve": "CVE-2016-1979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1979"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1979",
"url": "https://www.suse.com/security/cve/CVE-2016-1979"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-1979",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "important"
}
],
"title": "CVE-2016-1979"
},
{
"cve": "CVE-2016-2790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2790"
}
],
"notes": [
{
"category": "general",
"text": "The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2790",
"url": "https://www.suse.com/security/cve/CVE-2016-2790"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-2790",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "important"
}
],
"title": "CVE-2016-2790"
},
{
"cve": "CVE-2016-2791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2791"
}
],
"notes": [
{
"category": "general",
"text": "The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2791",
"url": "https://www.suse.com/security/cve/CVE-2016-2791"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-2791",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "important"
}
],
"title": "CVE-2016-2791"
},
{
"cve": "CVE-2016-2792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2792"
}
],
"notes": [
{
"category": "general",
"text": "The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2792",
"url": "https://www.suse.com/security/cve/CVE-2016-2792"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-2792",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "important"
}
],
"title": "CVE-2016-2792"
},
{
"cve": "CVE-2016-2793",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2793"
}
],
"notes": [
{
"category": "general",
"text": "CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2793",
"url": "https://www.suse.com/security/cve/CVE-2016-2793"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-2793",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "important"
}
],
"title": "CVE-2016-2793"
},
{
"cve": "CVE-2016-2794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2794"
}
],
"notes": [
{
"category": "general",
"text": "The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2794",
"url": "https://www.suse.com/security/cve/CVE-2016-2794"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-2794",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "critical"
}
],
"title": "CVE-2016-2794"
},
{
"cve": "CVE-2016-2795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2795"
}
],
"notes": [
{
"category": "general",
"text": "The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2795",
"url": "https://www.suse.com/security/cve/CVE-2016-2795"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-2795",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "important"
}
],
"title": "CVE-2016-2795"
},
{
"cve": "CVE-2016-2796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2796"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2796",
"url": "https://www.suse.com/security/cve/CVE-2016-2796"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-2796",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "important"
}
],
"title": "CVE-2016-2796"
},
{
"cve": "CVE-2016-2797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2797"
}
],
"notes": [
{
"category": "general",
"text": "The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2797",
"url": "https://www.suse.com/security/cve/CVE-2016-2797"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-2797",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "important"
}
],
"title": "CVE-2016-2797"
},
{
"cve": "CVE-2016-2798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2798"
}
],
"notes": [
{
"category": "general",
"text": "The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2798",
"url": "https://www.suse.com/security/cve/CVE-2016-2798"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-2798",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "important"
}
],
"title": "CVE-2016-2798"
},
{
"cve": "CVE-2016-2799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2799"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2799",
"url": "https://www.suse.com/security/cve/CVE-2016-2799"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-2799",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "critical"
}
],
"title": "CVE-2016-2799"
},
{
"cve": "CVE-2016-2800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2800"
}
],
"notes": [
{
"category": "general",
"text": "The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2800",
"url": "https://www.suse.com/security/cve/CVE-2016-2800"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-2800",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "important"
}
],
"title": "CVE-2016-2800"
},
{
"cve": "CVE-2016-2801",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2801"
}
],
"notes": [
{
"category": "general",
"text": "The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2801",
"url": "https://www.suse.com/security/cve/CVE-2016-2801"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-2801",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "important"
}
],
"title": "CVE-2016-2801"
},
{
"cve": "CVE-2016-2802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2802"
}
],
"notes": [
{
"category": "general",
"text": "The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2802",
"url": "https://www.suse.com/security/cve/CVE-2016-2802"
},
{
"category": "external",
"summary": "SUSE Bug 969894 for CVE-2016-2802",
"url": "https://bugzilla.suse.com/969894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-38.7.0esr-36.3.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-32bit-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nspr-devel-4.12-19.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.20.2-20.1.x86_64",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.i586",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.s390x",
"SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.20.2-20.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-03-30T10:06:02Z",
"details": "important"
}
],
"title": "CVE-2016-2802"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…