{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"45.4.0esr-52.1","MozillaFirefox-translations":"45.4.0esr-52.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP2-LTSS","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"45.4.0esr-52.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nMozillaFirefox was updated to 45.4.0 ESR to fix the following issues (bsc#999701):\n\nThe following security issue were fixed:\n* MFSA 2016-86/CVE-2016-5270: Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString\n* MFSA 2016-86/CVE-2016-5272: Bad cast in nsImageGeometryMixin\n* MFSA 2016-86/CVE-2016-5276: Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList\n* MFSA 2016-86/CVE-2016-5274: use-after-free in nsFrameManager::CaptureFrameState\n* MFSA 2016-86/CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick\n* MFSA 2016-86/CVE-2016-5278: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame\n* MFSA 2016-86/CVE-2016-5280: Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap\n* MFSA 2016-86/CVE-2016-5281: use-after-free in DOMSVGLength\n* MFSA 2016-86/CVE-2016-5284: Add-on update site certificate pin expiration\n* MFSA 2016-86/CVE-2016-5250: Resource Timing API is storing resources sent by the previous page\n* MFSA 2016-86/CVE-2016-5261: Integer overflow and memory corruption in WebSocketChannel\n* MFSA 2016-86/CVE-2016-5257: Various memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4\n","id":"SUSE-SU-2016:2431-1","modified":"2016-10-04T07:33:56Z","published":"2016-10-04T07:33:56Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20162431-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/999701"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5250"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5257"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5261"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5270"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5272"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5274"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5276"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5277"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5278"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5280"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5281"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5284"}],"related":["CVE-2016-5250","CVE-2016-5257","CVE-2016-5261","CVE-2016-5270","CVE-2016-5272","CVE-2016-5274","CVE-2016-5276","CVE-2016-5277","CVE-2016-5278","CVE-2016-5280","CVE-2016-5281","CVE-2016-5284"],"summary":"Security update for MozillaFirefox","upstream":["CVE-2016-5250","CVE-2016-5257","CVE-2016-5261","CVE-2016-5270","CVE-2016-5272","CVE-2016-5274","CVE-2016-5276","CVE-2016-5277","CVE-2016-5278","CVE-2016-5280","CVE-2016-5281","CVE-2016-5284"]}