suse-su-2018:2890-1
Vulnerability from csaf_suse
Published
2018-09-27 10:04
Modified
2018-09-27 10:04
Summary
Security update for MozillaFirefox

Notes

Title of the patch
Security update for MozillaFirefox
Description of the patch
This update for MozillaFirefox to ESR 60.2 fixes several issues. These general changes are part of the version 60 release. - New browser engine with speed improvements - Redesigned graphical user interface elements - Unified address and search bar for new installations - New tab page listing top visited, recently visited and recommended pages - Support for configuration policies in enterprise deployments via JSON files - Support for Web Authentication, allowing the use of USB tokens for authentication to web sites The following changes affect compatibility: - Now exclusively supports extensions built using the WebExtension API. - Unsupported legacy extensions will no longer work in Firefox 60 ESR - TLS certificates issued by Symantec before June 1st, 2016 are no longer trusted The 'security.pki.distrust_ca_policy' preference can be set to 0 to reinstate trust in those certificates The following issues affect performance: - new format for storing private keys, certificates and certificate trust If the user home or data directory is on a network file system, it is recommended that users set the following environment variable to avoid slowdowns: NSS_SDB_USE_CACHE=yes This setting is not recommended for local, fast file systems. These security issues were fixed: - CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation (bsc#1107343). - CVE-2017-16541: Proxy bypass using automount and autofs (bsc#1107343). - CVE-2018-12376: Various memory safety bugs (bsc#1107343). - CVE-2018-12377: Use-after-free in refresh driver timers (bsc#1107343). - CVE-2018-12378: Use-after-free in IndexedDB (bsc#1107343). - CVE-2018-12379: Out-of-bounds write with malicious MAR file (bsc#1107343).
Patchnames
SUSE-SLE-Module-Desktop-Applications-15-2018-2053
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).


To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for MozillaFirefox",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for MozillaFirefox to ESR 60.2 fixes several issues.\n\nThese general changes are part of the version 60 release.\n\n- New browser engine with speed improvements\n- Redesigned graphical user interface elements\n- Unified address and search bar for new installations\n- New tab page listing top visited, recently visited and recommended pages\n- Support for configuration policies in enterprise deployments via JSON files\n- Support for Web Authentication, allowing the use of USB tokens for\n  authentication to web sites\n\nThe following changes affect compatibility:\n\n- Now exclusively supports extensions built using the WebExtension API.\n- Unsupported legacy extensions will no longer work in Firefox 60 ESR\n- TLS certificates issued by Symantec before June 1st, 2016 are no longer trusted\n  The \u0027security.pki.distrust_ca_policy\u0027 preference can be set to 0 to reinstate\n  trust in those certificates\n\nThe following issues affect performance:\n\n- new format for storing private keys, certificates and certificate trust\n  If the user home or data directory is on a network file system, it is\n  recommended that users set the following environment variable to avoid\n  slowdowns: NSS_SDB_USE_CACHE=yes\n  This setting is not recommended for local, fast file systems.\n\nThese security issues were fixed:\n\n- CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation (bsc#1107343).\n- CVE-2017-16541: Proxy bypass using automount and autofs (bsc#1107343).\n- CVE-2018-12376: Various memory safety bugs (bsc#1107343).\n- CVE-2018-12377: Use-after-free in refresh driver timers (bsc#1107343).\n- CVE-2018-12378: Use-after-free in IndexedDB (bsc#1107343).\n- CVE-2018-12379: Out-of-bounds write with malicious MAR file (bsc#1107343).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-Module-Desktop-Applications-15-2018-2053",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2890-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:2890-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182890-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:2890-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-September/004610.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1107343",
        "url": "https://bugzilla.suse.com/1107343"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-16541 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-16541/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12376 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12376/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12377 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12377/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12378 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12378/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12379 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12379/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12381 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12381/"
      }
    ],
    "title": "Security update for MozillaFirefox",
    "tracking": {
      "current_release_date": "2018-09-27T10:04:13Z",
      "generator": {
        "date": "2018-09-27T10:04:13Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:2890-1",
      "initial_release_date": "2018-09-27T10:04:13Z",
      "revision_history": [
        {
          "date": "2018-09-27T10:04:13Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-60.2.0-3.10.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-60.2.0-3.10.1.aarch64",
                  "product_id": "MozillaFirefox-60.2.0-3.10.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-SLE-60-4.3.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-branding-SLE-60-4.3.1.aarch64",
                  "product_id": "MozillaFirefox-branding-SLE-60-4.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-devel-60.2.0-3.10.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-devel-60.2.0-3.10.1.aarch64",
                  "product_id": "MozillaFirefox-devel-60.2.0-3.10.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-60.2.0-3.10.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-translations-common-60.2.0-3.10.1.aarch64",
                  "product_id": "MozillaFirefox-translations-common-60.2.0-3.10.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-60.2.0-3.10.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-translations-other-60.2.0-3.10.1.aarch64",
                  "product_id": "MozillaFirefox-translations-other-60.2.0-3.10.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-60.2.0-3.10.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-60.2.0-3.10.1.ppc64le",
                  "product_id": "MozillaFirefox-60.2.0-3.10.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-SLE-60-4.3.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-branding-SLE-60-4.3.1.ppc64le",
                  "product_id": "MozillaFirefox-branding-SLE-60-4.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-devel-60.2.0-3.10.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-devel-60.2.0-3.10.1.ppc64le",
                  "product_id": "MozillaFirefox-devel-60.2.0-3.10.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-60.2.0-3.10.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-translations-common-60.2.0-3.10.1.ppc64le",
                  "product_id": "MozillaFirefox-translations-common-60.2.0-3.10.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-60.2.0-3.10.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-translations-other-60.2.0-3.10.1.ppc64le",
                  "product_id": "MozillaFirefox-translations-other-60.2.0-3.10.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-60.2.0-3.10.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-60.2.0-3.10.1.x86_64",
                  "product_id": "MozillaFirefox-60.2.0-3.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-SLE-60-4.3.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-branding-SLE-60-4.3.1.x86_64",
                  "product_id": "MozillaFirefox-branding-SLE-60-4.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-devel-60.2.0-3.10.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-devel-60.2.0-3.10.1.x86_64",
                  "product_id": "MozillaFirefox-devel-60.2.0-3.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-60.2.0-3.10.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-translations-common-60.2.0-3.10.1.x86_64",
                  "product_id": "MozillaFirefox-translations-common-60.2.0-3.10.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-60.2.0-3.10.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-translations-other-60.2.0-3.10.1.x86_64",
                  "product_id": "MozillaFirefox-translations-other-60.2.0-3.10.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Desktop Applications 15",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Desktop Applications 15",
                  "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-desktop-applications:15"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-60.2.0-3.10.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.aarch64"
        },
        "product_reference": "MozillaFirefox-60.2.0-3.10.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-60.2.0-3.10.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.ppc64le"
        },
        "product_reference": "MozillaFirefox-60.2.0-3.10.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-60.2.0-3.10.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.x86_64"
        },
        "product_reference": "MozillaFirefox-60.2.0-3.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-branding-SLE-60-4.3.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.aarch64"
        },
        "product_reference": "MozillaFirefox-branding-SLE-60-4.3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-branding-SLE-60-4.3.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.ppc64le"
        },
        "product_reference": "MozillaFirefox-branding-SLE-60-4.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-branding-SLE-60-4.3.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.x86_64"
        },
        "product_reference": "MozillaFirefox-branding-SLE-60-4.3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-60.2.0-3.10.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.aarch64"
        },
        "product_reference": "MozillaFirefox-devel-60.2.0-3.10.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-60.2.0-3.10.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.ppc64le"
        },
        "product_reference": "MozillaFirefox-devel-60.2.0-3.10.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-60.2.0-3.10.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.x86_64"
        },
        "product_reference": "MozillaFirefox-devel-60.2.0-3.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-60.2.0-3.10.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.aarch64"
        },
        "product_reference": "MozillaFirefox-translations-common-60.2.0-3.10.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-60.2.0-3.10.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.ppc64le"
        },
        "product_reference": "MozillaFirefox-translations-common-60.2.0-3.10.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-60.2.0-3.10.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.x86_64"
        },
        "product_reference": "MozillaFirefox-translations-common-60.2.0-3.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-other-60.2.0-3.10.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.aarch64"
        },
        "product_reference": "MozillaFirefox-translations-other-60.2.0-3.10.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-other-60.2.0-3.10.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.ppc64le"
        },
        "product_reference": "MozillaFirefox-translations-other-60.2.0-3.10.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-other-60.2.0-3.10.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
          "product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.x86_64"
        },
        "product_reference": "MozillaFirefox-translations-other-60.2.0-3.10.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-16541",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-16541"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-16541",
          "url": "https://www.suse.com/security/cve/CVE-2017-16541"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1066489 for CVE-2017-16541",
          "url": "https://bugzilla.suse.com/1066489"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1107343 for CVE-2017-16541",
          "url": "https://bugzilla.suse.com/1107343"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-09-27T10:04:13Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-16541"
    },
    {
      "cve": "CVE-2018-12376",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12376"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2, and Thunderbird \u003c 60.2.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12376",
          "url": "https://www.suse.com/security/cve/CVE-2018-12376"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1107343 for CVE-2018-12376",
          "url": "https://bugzilla.suse.com/1107343"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-09-27T10:04:13Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-12376"
    },
    {
      "cve": "CVE-2018-12377",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12377"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2, and Thunderbird \u003c 60.2.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12377",
          "url": "https://www.suse.com/security/cve/CVE-2018-12377"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1107343 for CVE-2018-12377",
          "url": "https://bugzilla.suse.com/1107343"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-09-27T10:04:13Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-12377"
    },
    {
      "cve": "CVE-2018-12378",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12378"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2, and Thunderbird \u003c 60.2.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12378",
          "url": "https://www.suse.com/security/cve/CVE-2018-12378"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1107343 for CVE-2018-12378",
          "url": "https://bugzilla.suse.com/1107343"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-09-27T10:04:13Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-12378"
    },
    {
      "cve": "CVE-2018-12379",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12379"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2, and Thunderbird \u003c 60.2.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12379",
          "url": "https://www.suse.com/security/cve/CVE-2018-12379"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1107343 for CVE-2018-12379",
          "url": "https://bugzilla.suse.com/1107343"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-09-27T10:04:13Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-12379"
    },
    {
      "cve": "CVE-2018-12381",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12381"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message\u0027s mail columns are incorrectly interpreted as a URL. *Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems are not affected.*. This vulnerability affects Firefox ESR \u003c 60.2 and Firefox \u003c 62.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.x86_64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.aarch64",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.ppc64le",
          "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12381",
          "url": "https://www.suse.com/security/cve/CVE-2018-12381"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1107343 for CVE-2018-12381",
          "url": "https://bugzilla.suse.com/1107343"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-branding-SLE-60-4.3.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.2.0-3.10.1.x86_64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.aarch64",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.ppc64le",
            "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.2.0-3.10.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-09-27T10:04:13Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-12381"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.