{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaFirefox-devel":"45.8.0esr-68.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 SP4","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"45.8.0esr-68.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"45.8.0esr-68.1","MozillaFirefox-translations":"45.8.0esr-68.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 5","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%205"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"45.8.0esr-68.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"45.8.0esr-68.1","MozillaFirefox-translations":"45.8.0esr-68.1"}]},"package":{"ecosystem":"SUSE:Manager 2.1","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Manager%202.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"45.8.0esr-68.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"45.8.0esr-68.1","MozillaFirefox-translations":"45.8.0esr-68.1"}]},"package":{"ecosystem":"SUSE:Manager Proxy 2.1","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Manager%20Proxy%202.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"45.8.0esr-68.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"45.8.0esr-68.1","MozillaFirefox-translations":"45.8.0esr-68.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Point of Sale 11 SP3","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"45.8.0esr-68.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"45.8.0esr-68.1","MozillaFirefox-translations":"45.8.0esr-68.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP3-LTSS","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"45.8.0esr-68.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"45.8.0esr-68.1","MozillaFirefox-translations":"45.8.0esr-68.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP3-TERADATA","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"45.8.0esr-68.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"45.8.0esr-68.1","MozillaFirefox-translations":"45.8.0esr-68.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"45.8.0esr-68.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"45.8.0esr-68.1","MozillaFirefox-translations":"45.8.0esr-68.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"45.8.0esr-68.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for MozillaFirefox to ESR 45.8 fixes the following issues:\n\nSecurity issues fixed (bsc#1028391):\n- CVE-2017-5402: Use-after-free working with events in FontFace objects\n- CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping\n- CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP\n- CVE-2017-5401: Memory Corruption when handling ErrorResult\n- CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters\n- CVE-2017-5404: Use-after-free working with ranges in selections\n- CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports\n- CVE-2017-5408: Cross-origin reading of video captions in violation of CORS\n- CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service\n- CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8\n\nBugfixes:\n- fix crashes on Itanium (bsc#1027527)\n","id":"SUSE-SU-2017:0732-1","modified":"2017-03-17T14:19:04Z","published":"2017-03-17T14:19:04Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20170732-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1027527"},{"type":"REPORT","url":"https://bugzilla.suse.com/1028391"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5398"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5400"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5401"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5402"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5404"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5405"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5407"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5408"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5409"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5410"}],"related":["CVE-2017-5398","CVE-2017-5400","CVE-2017-5401","CVE-2017-5402","CVE-2017-5404","CVE-2017-5405","CVE-2017-5407","CVE-2017-5408","CVE-2017-5409","CVE-2017-5410"],"summary":"Security update for MozillaFirefox","upstream":["CVE-2017-5398","CVE-2017-5400","CVE-2017-5401","CVE-2017-5402","CVE-2017-5404","CVE-2017-5405","CVE-2017-5407","CVE-2017-5408","CVE-2017-5409","CVE-2017-5410"]}