{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"38.2.1esr-45.1","MozillaFirefox-branding-SLE":"31.0-14.1","MozillaFirefox-translations":"38.2.1esr-45.1","libfreebl3":"3.19.2.0-26.2","libfreebl3-32bit":"3.19.2.0-26.2","libsoftokn3":"3.19.2.0-26.2","libsoftokn3-32bit":"3.19.2.0-26.2","mozilla-nss":"3.19.2.0-26.2","mozilla-nss-32bit":"3.19.2.0-26.2","mozilla-nss-certs":"3.19.2.0-26.2","mozilla-nss-certs-32bit":"3.19.2.0-26.2","mozilla-nss-tools":"3.19.2.0-26.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"38.2.1esr-45.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"38.2.1esr-45.1","MozillaFirefox-branding-SLE":"31.0-14.1","MozillaFirefox-translations":"38.2.1esr-45.1","libfreebl3":"3.19.2.0-26.2","libfreebl3-32bit":"3.19.2.0-26.2","libsoftokn3":"3.19.2.0-26.2","libsoftokn3-32bit":"3.19.2.0-26.2","mozilla-nss":"3.19.2.0-26.2","mozilla-nss-32bit":"3.19.2.0-26.2","mozilla-nss-certs":"3.19.2.0-26.2","mozilla-nss-certs-32bit":"3.19.2.0-26.2","mozilla-nss-tools":"3.19.2.0-26.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12","name":"MozillaFirefox-branding-SLE","purl":"pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Desktop%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"31.0-14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"38.2.1esr-45.1","MozillaFirefox-branding-SLE":"31.0-14.1","MozillaFirefox-translations":"38.2.1esr-45.1","libfreebl3":"3.19.2.0-26.2","libfreebl3-32bit":"3.19.2.0-26.2","libsoftokn3":"3.19.2.0-26.2","libsoftokn3-32bit":"3.19.2.0-26.2","mozilla-nss":"3.19.2.0-26.2","mozilla-nss-32bit":"3.19.2.0-26.2","mozilla-nss-certs":"3.19.2.0-26.2","mozilla-nss-certs-32bit":"3.19.2.0-26.2","mozilla-nss-tools":"3.19.2.0-26.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12","name":"mozilla-nss","purl":"pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Desktop%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.19.2.0-26.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox-devel":"38.2.1esr-45.1","mozilla-nss-devel":"3.19.2.0-26.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"38.2.1esr-45.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox-devel":"38.2.1esr-45.1","mozilla-nss-devel":"3.19.2.0-26.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12","name":"mozilla-nss","purl":"pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.19.2.0-26.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"38.2.1esr-45.1","MozillaFirefox-branding-SLE":"31.0-14.1","MozillaFirefox-translations":"38.2.1esr-45.1","libfreebl3":"3.19.2.0-26.2","libfreebl3-32bit":"3.19.2.0-26.2","libfreebl3-hmac":"3.19.2.0-26.2","libfreebl3-hmac-32bit":"3.19.2.0-26.2","libsoftokn3":"3.19.2.0-26.2","libsoftokn3-32bit":"3.19.2.0-26.2","libsoftokn3-hmac":"3.19.2.0-26.2","libsoftokn3-hmac-32bit":"3.19.2.0-26.2","mozilla-nss":"3.19.2.0-26.2","mozilla-nss-32bit":"3.19.2.0-26.2","mozilla-nss-certs":"3.19.2.0-26.2","mozilla-nss-certs-32bit":"3.19.2.0-26.2","mozilla-nss-tools":"3.19.2.0-26.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"38.2.1esr-45.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"38.2.1esr-45.1","MozillaFirefox-branding-SLE":"31.0-14.1","MozillaFirefox-translations":"38.2.1esr-45.1","libfreebl3":"3.19.2.0-26.2","libfreebl3-32bit":"3.19.2.0-26.2","libfreebl3-hmac":"3.19.2.0-26.2","libfreebl3-hmac-32bit":"3.19.2.0-26.2","libsoftokn3":"3.19.2.0-26.2","libsoftokn3-32bit":"3.19.2.0-26.2","libsoftokn3-hmac":"3.19.2.0-26.2","libsoftokn3-hmac-32bit":"3.19.2.0-26.2","mozilla-nss":"3.19.2.0-26.2","mozilla-nss-32bit":"3.19.2.0-26.2","mozilla-nss-certs":"3.19.2.0-26.2","mozilla-nss-certs-32bit":"3.19.2.0-26.2","mozilla-nss-tools":"3.19.2.0-26.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12","name":"MozillaFirefox-branding-SLE","purl":"pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Server%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"31.0-14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"38.2.1esr-45.1","MozillaFirefox-branding-SLE":"31.0-14.1","MozillaFirefox-translations":"38.2.1esr-45.1","libfreebl3":"3.19.2.0-26.2","libfreebl3-32bit":"3.19.2.0-26.2","libfreebl3-hmac":"3.19.2.0-26.2","libfreebl3-hmac-32bit":"3.19.2.0-26.2","libsoftokn3":"3.19.2.0-26.2","libsoftokn3-32bit":"3.19.2.0-26.2","libsoftokn3-hmac":"3.19.2.0-26.2","libsoftokn3-hmac-32bit":"3.19.2.0-26.2","mozilla-nss":"3.19.2.0-26.2","mozilla-nss-32bit":"3.19.2.0-26.2","mozilla-nss-certs":"3.19.2.0-26.2","mozilla-nss-certs-32bit":"3.19.2.0-26.2","mozilla-nss-tools":"3.19.2.0-26.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12","name":"mozilla-nss","purl":"pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.19.2.0-26.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"38.2.1esr-45.1","MozillaFirefox-branding-SLE":"31.0-14.1","MozillaFirefox-translations":"38.2.1esr-45.1","libfreebl3":"3.19.2.0-26.2","libfreebl3-32bit":"3.19.2.0-26.2","libfreebl3-hmac":"3.19.2.0-26.2","libfreebl3-hmac-32bit":"3.19.2.0-26.2","libsoftokn3":"3.19.2.0-26.2","libsoftokn3-32bit":"3.19.2.0-26.2","libsoftokn3-hmac":"3.19.2.0-26.2","libsoftokn3-hmac-32bit":"3.19.2.0-26.2","mozilla-nss":"3.19.2.0-26.2","mozilla-nss-32bit":"3.19.2.0-26.2","mozilla-nss-certs":"3.19.2.0-26.2","mozilla-nss-certs-32bit":"3.19.2.0-26.2","mozilla-nss-tools":"3.19.2.0-26.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"38.2.1esr-45.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"38.2.1esr-45.1","MozillaFirefox-branding-SLE":"31.0-14.1","MozillaFirefox-translations":"38.2.1esr-45.1","libfreebl3":"3.19.2.0-26.2","libfreebl3-32bit":"3.19.2.0-26.2","libfreebl3-hmac":"3.19.2.0-26.2","libfreebl3-hmac-32bit":"3.19.2.0-26.2","libsoftokn3":"3.19.2.0-26.2","libsoftokn3-32bit":"3.19.2.0-26.2","libsoftokn3-hmac":"3.19.2.0-26.2","libsoftokn3-hmac-32bit":"3.19.2.0-26.2","mozilla-nss":"3.19.2.0-26.2","mozilla-nss-32bit":"3.19.2.0-26.2","mozilla-nss-certs":"3.19.2.0-26.2","mozilla-nss-certs-32bit":"3.19.2.0-26.2","mozilla-nss-tools":"3.19.2.0-26.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12","name":"MozillaFirefox-branding-SLE","purl":"pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"31.0-14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"38.2.1esr-45.1","MozillaFirefox-branding-SLE":"31.0-14.1","MozillaFirefox-translations":"38.2.1esr-45.1","libfreebl3":"3.19.2.0-26.2","libfreebl3-32bit":"3.19.2.0-26.2","libfreebl3-hmac":"3.19.2.0-26.2","libfreebl3-hmac-32bit":"3.19.2.0-26.2","libsoftokn3":"3.19.2.0-26.2","libsoftokn3-32bit":"3.19.2.0-26.2","libsoftokn3-hmac":"3.19.2.0-26.2","libsoftokn3-hmac-32bit":"3.19.2.0-26.2","mozilla-nss":"3.19.2.0-26.2","mozilla-nss-32bit":"3.19.2.0-26.2","mozilla-nss-certs":"3.19.2.0-26.2","mozilla-nss-certs-32bit":"3.19.2.0-26.2","mozilla-nss-tools":"3.19.2.0-26.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12","name":"mozilla-nss","purl":"pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.19.2.0-26.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nMozilla Firefox was updated to version 38.2.1 ESR to fix several\ncritical and non critical security vulnerabilities.\n\n- Firefox was updated to 38.2.1 ESR (bsc#943608)\n  * MFSA 2015-94/CVE-2015-4497 (bsc#943557)\n    Use-after-free when resizing canvas element during restyling\n  * MFSA 2015-95/CVE-2015-4498 (bsc#943558)\n    Add-on notification bypass through data URLs\n\n- Firefox was updated to 38.2.0 ESR (bsc#940806)\n  * MFSA 2015-78/CVE-2015-4495\n    (bmo#1178058, bmo#1179262)\n    Same origin violation and local file stealing via PDF reader\n  * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474\n    (bmo#1143130, bmo#1161719, bmo#1177501, bmo#1181204,\n     bmo#1184068, bmo#1188590, bmo#1146213, bmo#1178890,\n     bmo#1182711)\n    Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)\n  * MFSA 2015-80/CVE-2015-4475\n    (bmo#1175396)\n    Out-of-bounds read with malformed MP3 file\n  * MFSA 2015-82/CVE-2015-4478\n    (bmo#1105914)\n    Redefinition of non-configurable JavaScript object properties\n  * MFSA 2015-83/CVE-2015-4479\n    (bmo#1185115, bmo#1144107, bmo#1170344, bmo#1186718)\n    Overflow issues in libstagefright\n  * MFSA 2015-87/CVE-2015-4484\n    (bmo#1171540)\n    Crash when using shared memory in JavaScript\n  * MFSA 2015-88/CVE-2015-4491\n    (bmo#1184009)\n    Heap overflow in gdk-pixbuf when scaling bitmap images\n  * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486\n    (bmo#1177948, bmo#1178148)\n    Buffer overflows on Libvpx when decoding WebM video\n  * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489\n    (bmo#1176270, bmo#1182723, bmo#1171603)\n    Vulnerabilities found through code inspection\n  * MFSA 2015-92/CVE-2015-4492\n    (bmo#1185820)\n    Use-after-free in XMLHttpRequest with shared workers\n\nMozilla NSS switched the CKBI ABI from 1.98 to 2.4, which is what Firefox 38ESR uses.\n","id":"SUSE-SU-2015:1476-1","modified":"2015-09-01T17:33:17Z","published":"2015-09-01T17:33:17Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2015/suse-su-20151476-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/940806"},{"type":"REPORT","url":"https://bugzilla.suse.com/943557"},{"type":"REPORT","url":"https://bugzilla.suse.com/943558"},{"type":"REPORT","url":"https://bugzilla.suse.com/943608"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4473"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4474"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4475"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4478"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4479"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4484"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4485"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4486"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4487"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4488"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4489"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4491"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4492"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4495"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4497"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4498"}],"related":["CVE-2015-4473","CVE-2015-4474","CVE-2015-4475","CVE-2015-4478","CVE-2015-4479","CVE-2015-4484","CVE-2015-4485","CVE-2015-4486","CVE-2015-4487","CVE-2015-4488","CVE-2015-4489","CVE-2015-4491","CVE-2015-4492","CVE-2015-4495","CVE-2015-4497","CVE-2015-4498"],"summary":"Security update for MozillaFirefox, mozilla-nss","upstream":["CVE-2015-4473","CVE-2015-4474","CVE-2015-4475","CVE-2015-4478","CVE-2015-4479","CVE-2015-4484","CVE-2015-4485","CVE-2015-4486","CVE-2015-4487","CVE-2015-4488","CVE-2015-4489","CVE-2015-4491","CVE-2015-4492","CVE-2015-4495","CVE-2015-4497","CVE-2015-4498"]}