{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"31.6.0esr-30.1","MozillaFirefox-translations":"31.6.0esr-30.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"31.6.0esr-30.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"Mozilla Firefox was updated to 31.6.0 ESR to fix five security issues.\n\nThe following vulnerabilities were fixed:\n\n* Miscellaneous memory safety hazards (MFSA 2015-30/CVE-2015-0814/CVE-2015-0815)\n* Use-after-free when using the Fluendo MP3 GStreamer plugin (MFSA 2015-31/CVE-2015-0813)\n* resource:// documents can load privileged pages (MFSA 2015-33/CVE-2015-0816)\n* CORS requests should not follow 30x redirections after preflight (MFSA 2015-37/CVE-2015-0807)\n* Same-origin bypass through anchor navigation (MFSA 2015-40/CVE-2015-0801)\n","id":"SUSE-SU-2015:0704-2","modified":"2015-04-02T14:42:07Z","published":"2015-04-02T14:42:07Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2015/suse-su-20150704-2/"},{"type":"REPORT","url":"https://bugzilla.suse.com/925368"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-0801"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-0807"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-0813"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-0814"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-0815"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-0816"}],"related":["CVE-2015-0801","CVE-2015-0807","CVE-2015-0813","CVE-2015-0814","CVE-2015-0815","CVE-2015-0816"],"summary":"Security update for MozillaFirefox","upstream":["CVE-2015-0801","CVE-2015-0807","CVE-2015-0813","CVE-2015-0814","CVE-2015-0815","CVE-2015-0816"]}