{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"78.1.0-3.100.2","MozillaFirefox-devel":"78.1.0-3.100.2","MozillaFirefox-translations-common":"78.1.0-3.100.2","MozillaFirefox-translations-other":"78.1.0-3.100.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15 SP1","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"78.1.0-3.100.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaFirefox fixes the following issues:\n\n- Firefox Extended Support Release 78.1.0 ESR\n  * Fixed: Various stability, functionality, and security fixes (bsc#1174538)\n  * CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker\n  * CVE-2020-6514: WebRTC data channel leaks internal address to peer\n  * CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy\n  * CVE-2020-15653: Bypassing iframe sandbox when allowing popups\n  * CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture\n  * CVE-2020-15656: Type confusion for special arguments in IonMonkey\n  * CVE-2020-15658: Overriding file type when saving to disk\n  * CVE-2020-15657: DLL hijacking due to incorrect loading path\n  * CVE-2020-15654: Custom cursor can overlay user interface\n  * CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1\n","id":"SUSE-SU-2020:2118-1","modified":"2020-08-04T13:16:01Z","published":"2020-08-04T13:16:01Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-20202118-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1174538"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15652"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15653"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15654"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15655"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15656"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15657"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15658"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15659"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-6463"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-6514"}],"related":["CVE-2020-15652","CVE-2020-15653","CVE-2020-15654","CVE-2020-15655","CVE-2020-15656","CVE-2020-15657","CVE-2020-15658","CVE-2020-15659","CVE-2020-6463","CVE-2020-6514"],"summary":"Security update for MozillaFirefox","upstream":["CVE-2020-15652","CVE-2020-15653","CVE-2020-15654","CVE-2020-15655","CVE-2020-15656","CVE-2020-15657","CVE-2020-15658","CVE-2020-15659","CVE-2020-6463","CVE-2020-6514"]}