{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"68.3.0-78.54.1","MozillaFirefox-translations-common":"68.3.0-78.54.1","MozillaFirefox-translations-other":"68.3.0-78.54.1","libfreebl3":"3.47.1-38.12.1","libfreebl3-32bit":"3.47.1-38.12.1","libsoftokn3":"3.47.1-38.12.1","libsoftokn3-32bit":"3.47.1-38.12.1","mozilla-nspr":"4.23-29.9.1","mozilla-nspr-32bit":"4.23-29.9.1","mozilla-nspr-devel":"4.23-29.9.1","mozilla-nss":"3.47.1-38.12.1","mozilla-nss-32bit":"3.47.1-38.12.1","mozilla-nss-certs":"3.47.1-38.12.1","mozilla-nss-certs-32bit":"3.47.1-38.12.1","mozilla-nss-devel":"3.47.1-38.12.1","mozilla-nss-tools":"3.47.1-38.12.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4-LTSS","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"68.3.0-78.54.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"68.3.0-78.54.1","MozillaFirefox-translations-common":"68.3.0-78.54.1","MozillaFirefox-translations-other":"68.3.0-78.54.1","libfreebl3":"3.47.1-38.12.1","libfreebl3-32bit":"3.47.1-38.12.1","libsoftokn3":"3.47.1-38.12.1","libsoftokn3-32bit":"3.47.1-38.12.1","mozilla-nspr":"4.23-29.9.1","mozilla-nspr-32bit":"4.23-29.9.1","mozilla-nspr-devel":"4.23-29.9.1","mozilla-nss":"3.47.1-38.12.1","mozilla-nss-32bit":"3.47.1-38.12.1","mozilla-nss-certs":"3.47.1-38.12.1","mozilla-nss-certs-32bit":"3.47.1-38.12.1","mozilla-nss-devel":"3.47.1-38.12.1","mozilla-nss-tools":"3.47.1-38.12.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4-LTSS","name":"mozilla-nspr","purl":"pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.23-29.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"68.3.0-78.54.1","MozillaFirefox-translations-common":"68.3.0-78.54.1","MozillaFirefox-translations-other":"68.3.0-78.54.1","libfreebl3":"3.47.1-38.12.1","libfreebl3-32bit":"3.47.1-38.12.1","libsoftokn3":"3.47.1-38.12.1","libsoftokn3-32bit":"3.47.1-38.12.1","mozilla-nspr":"4.23-29.9.1","mozilla-nspr-32bit":"4.23-29.9.1","mozilla-nspr-devel":"4.23-29.9.1","mozilla-nss":"3.47.1-38.12.1","mozilla-nss-32bit":"3.47.1-38.12.1","mozilla-nss-certs":"3.47.1-38.12.1","mozilla-nss-certs-32bit":"3.47.1-38.12.1","mozilla-nss-devel":"3.47.1-38.12.1","mozilla-nss-tools":"3.47.1-38.12.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4-LTSS","name":"mozilla-nss","purl":"pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.47.1-38.12.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues:\n\nUpdate Firefox Extended Support Release to 68.3.0 ESR (MFSA 2019-37 / bsc#1158328)\n\nSecurity issues fixed:\n\n- CVE-2019-17008: Use-after-free in worker destruction (bmo#1546331).\n- CVE-2019-13722: Stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156).\n- CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher (bmo#1586176).\n- CVE-2019-17009: Updater temporary files accessible to unprivileged processes (bmo#1510494).\n- CVE-2019-17010: Use-after-free when performing device orientation checks (bmo#1581084).\n- CVE-2019-17005: Buffer overflow in plain text serializer (bmo#1584170).\n- CVE-2019-17011: Use-after-free when retrieving a document in antitracking (bmo#1591334).\n- CVE-2019-17012: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502).\n\nUpdate mozilla-nss to version 3.47.1 (bsc#1158527):\n\nSecurity issues fixed:\n\n- CVE-2019-11745: EncryptUpdate should use maxout, not block size.\n\nBug fixes:\n\n- Fix a crash that could be caused by client certificates during startup (bmo#1590495, bsc#1158527)\n- Fix compile-time warnings from uninitialized variables in a perl script (bmo#1589810)\n- Support AES HW acceleration on ARMv8 (bmo#1152625)\n- Allow per-socket run-time ordering of the cipher suites presented in ClientHello (bmo#1267894)\n- Add CMAC to FreeBL and PKCS #11 libraries (bmo#1570501)\n- Remove arbitrary HKDF output limit by allocating space as needed (bmo#1577953)\n\nUpdate mozilla-nspr to version 4.23:\n\nBug fixes:\n\n- fixed a build failure that was introduced in 4.22\n- correctness fix for Win64 socket polling\n- whitespace in C files was cleaned up and no longer uses tab characters for indenting\n- added support for the ARC architecture\n- removed support for the following platforms: OSF1/Tru64, DGUX, IRIX, Symbian, BeOS\n- correctness and build fixes\n","id":"SUSE-SU-2019:14260-1","modified":"2019-12-20T14:34:01Z","published":"2019-12-20T14:34:01Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-201914260-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1158328"},{"type":"REPORT","url":"https://bugzilla.suse.com/1158527"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11745"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-13722"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17005"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17008"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17009"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17010"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17011"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17012"}],"related":["CVE-2019-11745","CVE-2019-13722","CVE-2019-17005","CVE-2019-17008","CVE-2019-17009","CVE-2019-17010","CVE-2019-17011","CVE-2019-17012"],"summary":"Security update for MozillaFirefox, mozilla-nspr, mozilla-nss","upstream":["CVE-2019-11745","CVE-2019-13722","CVE-2019-17005","CVE-2019-17008","CVE-2019-17009","CVE-2019-17010","CVE-2019-17011","CVE-2019-17012"]}