{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaFirefox-devel":"52.4.0esr-72.13.2","mozilla-nss-devel":"3.29.5-47.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 SP4","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"52.4.0esr-72.13.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox-devel":"52.4.0esr-72.13.2","mozilla-nss-devel":"3.29.5-47.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 SP4","name":"mozilla-nss","purl":"pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.29.5-47.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"52.4.0esr-72.13.2","MozillaFirefox-translations":"52.4.0esr-72.13.2","libfreebl3":"3.29.5-47.6.1","libsoftokn3":"3.29.5-47.6.1","mozilla-nss":"3.29.5-47.6.1","mozilla-nss-tools":"3.29.5-47.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Point of Sale 11 SP3","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"52.4.0esr-72.13.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"52.4.0esr-72.13.2","MozillaFirefox-translations":"52.4.0esr-72.13.2","libfreebl3":"3.29.5-47.6.1","libsoftokn3":"3.29.5-47.6.1","mozilla-nss":"3.29.5-47.6.1","mozilla-nss-tools":"3.29.5-47.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Point of Sale 11 SP3","name":"mozilla-nss","purl":"pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.29.5-47.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"52.4.0esr-72.13.2","MozillaFirefox-translations":"52.4.0esr-72.13.2","libfreebl3":"3.29.5-47.6.1","libfreebl3-32bit":"3.29.5-47.6.1","libsoftokn3":"3.29.5-47.6.1","libsoftokn3-32bit":"3.29.5-47.6.1","mozilla-nss":"3.29.5-47.6.1","mozilla-nss-32bit":"3.29.5-47.6.1","mozilla-nss-tools":"3.29.5-47.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP3-LTSS","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"52.4.0esr-72.13.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"52.4.0esr-72.13.2","MozillaFirefox-translations":"52.4.0esr-72.13.2","libfreebl3":"3.29.5-47.6.1","libfreebl3-32bit":"3.29.5-47.6.1","libsoftokn3":"3.29.5-47.6.1","libsoftokn3-32bit":"3.29.5-47.6.1","mozilla-nss":"3.29.5-47.6.1","mozilla-nss-32bit":"3.29.5-47.6.1","mozilla-nss-tools":"3.29.5-47.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP3-LTSS","name":"mozilla-nss","purl":"pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.29.5-47.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"52.4.0esr-72.13.2","MozillaFirefox-translations":"52.4.0esr-72.13.2","libfreebl3":"3.29.5-47.6.1","libfreebl3-32bit":"3.29.5-47.6.1","libsoftokn3":"3.29.5-47.6.1","libsoftokn3-32bit":"3.29.5-47.6.1","mozilla-nss":"3.29.5-47.6.1","mozilla-nss-32bit":"3.29.5-47.6.1","mozilla-nss-tools":"3.29.5-47.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP3-TERADATA","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"52.4.0esr-72.13.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"52.4.0esr-72.13.2","MozillaFirefox-translations":"52.4.0esr-72.13.2","libfreebl3":"3.29.5-47.6.1","libfreebl3-32bit":"3.29.5-47.6.1","libsoftokn3":"3.29.5-47.6.1","libsoftokn3-32bit":"3.29.5-47.6.1","mozilla-nss":"3.29.5-47.6.1","mozilla-nss-32bit":"3.29.5-47.6.1","mozilla-nss-tools":"3.29.5-47.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP3-TERADATA","name":"mozilla-nss","purl":"pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.29.5-47.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"52.4.0esr-72.13.2","MozillaFirefox-translations":"52.4.0esr-72.13.2","libfreebl3":"3.29.5-47.6.1","libfreebl3-32bit":"3.29.5-47.6.1","libfreebl3-x86":"3.29.5-47.6.1","libsoftokn3":"3.29.5-47.6.1","libsoftokn3-32bit":"3.29.5-47.6.1","libsoftokn3-x86":"3.29.5-47.6.1","mozilla-nss":"3.29.5-47.6.1","mozilla-nss-32bit":"3.29.5-47.6.1","mozilla-nss-tools":"3.29.5-47.6.1","mozilla-nss-x86":"3.29.5-47.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"52.4.0esr-72.13.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"52.4.0esr-72.13.2","MozillaFirefox-translations":"52.4.0esr-72.13.2","libfreebl3":"3.29.5-47.6.1","libfreebl3-32bit":"3.29.5-47.6.1","libfreebl3-x86":"3.29.5-47.6.1","libsoftokn3":"3.29.5-47.6.1","libsoftokn3-32bit":"3.29.5-47.6.1","libsoftokn3-x86":"3.29.5-47.6.1","mozilla-nss":"3.29.5-47.6.1","mozilla-nss-32bit":"3.29.5-47.6.1","mozilla-nss-tools":"3.29.5-47.6.1","mozilla-nss-x86":"3.29.5-47.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"mozilla-nss","purl":"pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.29.5-47.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"52.4.0esr-72.13.2","MozillaFirefox-translations":"52.4.0esr-72.13.2","libfreebl3":"3.29.5-47.6.1","libfreebl3-32bit":"3.29.5-47.6.1","libfreebl3-x86":"3.29.5-47.6.1","libsoftokn3":"3.29.5-47.6.1","libsoftokn3-32bit":"3.29.5-47.6.1","libsoftokn3-x86":"3.29.5-47.6.1","mozilla-nss":"3.29.5-47.6.1","mozilla-nss-32bit":"3.29.5-47.6.1","mozilla-nss-tools":"3.29.5-47.6.1","mozilla-nss-x86":"3.29.5-47.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"52.4.0esr-72.13.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"52.4.0esr-72.13.2","MozillaFirefox-translations":"52.4.0esr-72.13.2","libfreebl3":"3.29.5-47.6.1","libfreebl3-32bit":"3.29.5-47.6.1","libfreebl3-x86":"3.29.5-47.6.1","libsoftokn3":"3.29.5-47.6.1","libsoftokn3-32bit":"3.29.5-47.6.1","libsoftokn3-x86":"3.29.5-47.6.1","mozilla-nss":"3.29.5-47.6.1","mozilla-nss-32bit":"3.29.5-47.6.1","mozilla-nss-tools":"3.29.5-47.6.1","mozilla-nss-x86":"3.29.5-47.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"mozilla-nss","purl":"pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.29.5-47.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\n\nThis update for MozillaFirefox and mozilla-nss fixes the following issues:\n\nMozilla Firefox was updated to ESR 52.4 (bsc#1060445)\n\n* MFSA 2017-22/CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces\n* MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes\n* MFSA 2017-22/CVE-2017-7819: Use-after-free while resizing images in design mode\n* MFSA 2017-22/CVE-2017-7818: Use-after-free during ARIA array manipulation\n* MFSA 2017-22/CVE-2017-7793: Use-after-free with Fetch API\n* MFSA 2017-22/CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE\n* MFSA 2017-22/CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4\n* MFSA 2017-22/CVE-2017-7823: CSP sandbox directive did not create a unique origin\n* MFSA 2017-22/CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings\n\nMozilla Network Security Services (Mozilla NSS) received a security fix:\n\n* MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes (bsc#1061005, bsc#1060445)\n\n","id":"SUSE-SU-2017:2872-1","modified":"2017-10-27T12:51:26Z","published":"2017-10-27T12:51:26Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20172872-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1060445"},{"type":"REPORT","url":"https://bugzilla.suse.com/1061005"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7793"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7805"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7810"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7814"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7818"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7819"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7823"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7824"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7825"}],"related":["CVE-2017-7793","CVE-2017-7805","CVE-2017-7810","CVE-2017-7814","CVE-2017-7818","CVE-2017-7819","CVE-2017-7823","CVE-2017-7824","CVE-2017-7825"],"summary":"Security update for MozillaFirefox, mozilla-nss","upstream":["CVE-2017-7793","CVE-2017-7805","CVE-2017-7810","CVE-2017-7814","CVE-2017-7818","CVE-2017-7819","CVE-2017-7823","CVE-2017-7824","CVE-2017-7825"]}