{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"60.8.0esr-78.43.2","MozillaFirefox-translations-common":"60.8.0esr-78.43.2","MozillaFirefox-translations-other":"60.8.0esr-78.43.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4-LTSS","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"60.8.0esr-78.43.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaFirefox to version ESR 60.8 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868).\n- CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868).\n- CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868).\n- CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868).\n- CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868).\n- CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868).\n- CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868).\n- CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868).\n- CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868).\n- CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868).\n- CVE-2019-11708: Fix sandbox escape using Prompt:Open (bsc#1138872).\n- CVE-2019-11707: Fixed a type confusion vulnerability in Array.pop (bsc#1138614)    \n\nNon-security issues fixed:\n\n- Fix broken language plugins (bsc#1137792)\n","id":"SUSE-SU-2019:14124-1","modified":"2019-07-17T11:52:48Z","published":"2019-07-17T11:52:48Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-201914124-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1137792"},{"type":"REPORT","url":"https://bugzilla.suse.com/1138614"},{"type":"REPORT","url":"https://bugzilla.suse.com/1138872"},{"type":"REPORT","url":"https://bugzilla.suse.com/1140868"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11707"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11708"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11709"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11711"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11712"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11713"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11715"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11717"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11719"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11729"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11730"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9811"}],"related":["CVE-2019-11707","CVE-2019-11708","CVE-2019-11709","CVE-2019-11711","CVE-2019-11712","CVE-2019-11713","CVE-2019-11715","CVE-2019-11717","CVE-2019-11719","CVE-2019-11729","CVE-2019-11730","CVE-2019-9811"],"summary":"Security update for MozillaFirefox","upstream":["CVE-2019-11707","CVE-2019-11708","CVE-2019-11709","CVE-2019-11711","CVE-2019-11712","CVE-2019-11713","CVE-2019-11715","CVE-2019-11717","CVE-2019-11719","CVE-2019-11729","CVE-2019-11730","CVE-2019-9811"]}