{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"60.6.1esr-109.63.2","MozillaFirefox-devel":"60.6.1esr-109.63.2","MozillaFirefox-translations-common":"60.6.1esr-109.63.2"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 7","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%207"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"60.6.1esr-109.63.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"60.6.1esr-109.63.2","MozillaFirefox-translations-common":"60.6.1esr-109.63.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP3","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"60.6.1esr-109.63.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"60.6.1esr-109.63.2","MozillaFirefox-translations-common":"60.6.1esr-109.63.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP4","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"60.6.1esr-109.63.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"60.6.1esr-109.63.2","MozillaFirefox-devel":"60.6.1esr-109.63.2","MozillaFirefox-translations-common":"60.6.1esr-109.63.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP1","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"60.6.1esr-109.63.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"60.6.1esr-109.63.2","MozillaFirefox-devel":"60.6.1esr-109.63.2","MozillaFirefox-translations-common":"60.6.1esr-109.63.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 
SP2","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"60.6.1esr-109.63.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox-devel":"60.6.1esr-109.63.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP3","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"60.6.1esr-109.63.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox-devel":"60.6.1esr-109.63.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP4","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"60.6.1esr-109.63.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"60.6.1esr-109.63.2","MozillaFirefox-devel":"60.6.1esr-109.63.2","MozillaFirefox-translations-common":"60.6.1esr-109.63.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"60.6.1esr-109.63.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"60.6.1esr-109.63.2","MozillaFirefox-devel":"60.6.1esr-109.63.2","MozillaFirefox-translations-common":"60.6.1esr-109.63.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 
SP1-LTSS","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"60.6.1esr-109.63.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"60.6.1esr-109.63.2","MozillaFirefox-devel":"60.6.1esr-109.63.2","MozillaFirefox-translations-common":"60.6.1esr-109.63.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2-LTSS","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"60.6.1esr-109.63.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"60.6.1esr-109.63.2","MozillaFirefox-devel":"60.6.1esr-109.63.2","MozillaFirefox-translations-common":"60.6.1esr-109.63.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2-BCL","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"60.6.1esr-109.63.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"60.6.1esr-109.63.2","MozillaFirefox-translations-common":"60.6.1esr-109.63.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP3","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"60.6.1esr-109.63.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"60.6.1esr-109.63.2","MozillaFirefox-translations-common":"60.6.1esr-109.63.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 
SP3","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"60.6.1esr-109.63.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"60.6.1esr-109.63.2","MozillaFirefox-translations-common":"60.6.1esr-109.63.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP4","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"60.6.1esr-109.63.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"60.6.1esr-109.63.2","MozillaFirefox-translations-common":"60.6.1esr-109.63.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP4","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"60.6.1esr-109.63.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"60.6.1esr-109.63.2","MozillaFirefox-devel":"60.6.1esr-109.63.2","MozillaFirefox-translations-common":"60.6.1esr-109.63.2"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 4","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Enterprise%20Storage%204"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"60.6.1esr-109.63.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaFirefox fixes the following issues:\n\nSecurity issues addressed:\t  \n\n- Update to Firefox ESR 60.6.1 (bsc#1130262):\n\n- CVE-2019-9813: Fixed IonMonkey type confusion with __proto__ mutations\n- CVE-2019-9810: Fixed IonMonkey MArraySlice incorrect alias information\n\n- Update to Firefox ESR 60.6 (bsc#1129821):\n\n- CVE-2018-18506: Fixed an issue with Proxy Auto-Configuration file \n- CVE-2019-9801: Fixed an issue which 
could allow Windows programs to be exposed to web content\n- CVE-2019-9788: Fixed multiple memory safety bugs\n- CVE-2019-9790: Fixed a Use-after-free vulnerability when removing in-use DOM elements\n- CVE-2019-9791: Fixed an incorrect Type inference for constructors entered through on-stack replacement \n  with IonMonkey\n- CVE-2019-9792: Fixed an issue where IonMonkey leaks JS_OPTIMIZED_OUT magic value to script\n- CVE-2019-9793: Fixed multiple improper bounds checks when Spectre mitigations are disabled\n- CVE-2019-9794: Fixed an issue where command line arguments were not discarded during execution\n- CVE-2019-9795: Fixed a Type-confusion vulnerability in IonMonkey JIT compiler\n- CVE-2019-9796: Fixed a Use-after-free vulnerability in SMIL animation controller\n\n\n- Update to Firefox ESR 60.5.1 (bsc#1125330):\n\n- CVE-2018-18356: Fixed a use-after-free vulnerability in the Skia library which can occur when\n    creating a path, leading to a potentially exploitable crash.\n- CVE-2019-5785: Fixed an integer overflow vulnerability in the Skia library which can occur\n  after specific transform operations, leading to a potentially exploitable crash.\n- CVE-2018-18335: Fixed a buffer overflow vulnerability in the Skia library which can occur with\n  Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration \n  in Firefox ESR.  
Note: this does not affect other versions and platforms where Canvas 2D\n  acceleration is already disabled by default.\n\nOther issue addressed: \n\n- Fixed an issue with MozillaFirefox-translations-common which was causing an error on update (bsc#1127987).\n\nRelease notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/\nRelease notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/\nRelease notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/\t  \n","id":"SUSE-SU-2019:0852-1","modified":"2019-04-03T09:05:25Z","published":"2019-04-03T09:05:25Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20190852-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1125330"},{"type":"REPORT","url":"https://bugzilla.suse.com/1127987"},{"type":"REPORT","url":"https://bugzilla.suse.com/1129821"},{"type":"REPORT","url":"https://bugzilla.suse.com/1130262"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18335"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18356"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18506"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5785"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9788"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9790"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9791"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9792"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9793"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9794"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9795"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9796"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9801"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9810"},{"type":"WEB","url":"https://www.suse.com/securit
y/cve/CVE-2019-9813"}],"related":["CVE-2018-18335","CVE-2018-18356","CVE-2018-18506","CVE-2019-5785","CVE-2019-9788","CVE-2019-9790","CVE-2019-9791","CVE-2019-9792","CVE-2019-9793","CVE-2019-9794","CVE-2019-9795","CVE-2019-9796","CVE-2019-9801","CVE-2019-9810","CVE-2019-9813"],"summary":"Security update for MozillaFirefox","upstream":["CVE-2018-18335","CVE-2018-18356","CVE-2018-18506","CVE-2019-5785","CVE-2019-9788","CVE-2019-9790","CVE-2019-9791","CVE-2019-9792","CVE-2019-9793","CVE-2019-9794","CVE-2019-9795","CVE-2019-9796","CVE-2019-9801","CVE-2019-9810","CVE-2019-9813"]}