{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"52.9.0esr-109.38.2","MozillaFirefox-devel":"52.9.0esr-109.38.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2-BCL","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"52.9.0esr-109.38.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaFirefox to version ESR 52.9 fixes the following issues:\n\n- CVE-2018-5188: Various memory safety bugs (bsc#1098998)\n- CVE-2018-12368: No warning when opening executable SettingContent-ms files\n- CVE-2018-12366: Invalid data handling during QCMS transformations\n- CVE-2018-12365: Compromised IPC child process can list local filenames\n- CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins\n- CVE-2018-12363: Use-after-free when appending DOM nodes\n- CVE-2018-12362: Integer overflow in SSSE3 scaler\n- CVE-2018-12360: Use-after-free when using focus()\n- CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture\n- CVE-2018-12359: Buffer overflow using computed size of canvas element\n","id":"SUSE-SU-2018:2322-2","modified":"2018-10-18T12:48:00Z","published":"2018-10-18T12:48:00Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20182322-2/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1098998"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-12359"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-12360"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-12362"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-12363"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-12364"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-12365"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-12366"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-12368"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5156"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5188"}],"related":["CVE-2018-12359","CVE-2018-12360","CVE-2018-12362","CVE-2018-12363","CVE-2018-12364","CVE-2018-12365","CVE-2018-12366","CVE-2018-12368","CVE-2018-5156","CVE-2018-5188"],"summary":"Security update for MozillaFirefox","upstream":["CVE-2018-12359","CVE-2018-12360","CVE-2018-12362","CVE-2018-12363","CVE-2018-12364","CVE-2018-12365","CVE-2018-12366","CVE-2018-12368","CVE-2018-5156","CVE-2018-5188"]}