{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"78.1.0-8.3.1","MozillaFirefox-branding-SLE":"78-9.2.4","MozillaFirefox-devel":"78.1.0-8.3.1","MozillaFirefox-translations-common":"78.1.0-8.3.1","MozillaFirefox-translations-other":"78.1.0-8.3.1","libpipewire-0_3-0":"0.3.6-3.3.2","pipewire":"0.3.6-3.3.2","pipewire-modules":"0.3.6-3.3.2","pipewire-spa-plugins-0_2":"0.3.6-3.3.2","pipewire-spa-tools":"0.3.6-3.3.2","pipewire-tools":"0.3.6-3.3.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15 SP2","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"78.1.0-8.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"78.1.0-8.3.1","MozillaFirefox-branding-SLE":"78-9.2.4","MozillaFirefox-devel":"78.1.0-8.3.1","MozillaFirefox-translations-common":"78.1.0-8.3.1","MozillaFirefox-translations-other":"78.1.0-8.3.1","libpipewire-0_3-0":"0.3.6-3.3.2","pipewire":"0.3.6-3.3.2","pipewire-modules":"0.3.6-3.3.2","pipewire-spa-plugins-0_2":"0.3.6-3.3.2","pipewire-spa-tools":"0.3.6-3.3.2","pipewire-tools":"0.3.6-3.3.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15 SP2","name":"MozillaFirefox-branding-SLE","purl":"pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"78-9.2.4"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"78.1.0-8.3.1","MozillaFirefox-branding-SLE":"78-9.2.4","MozillaFirefox-devel":"78.1.0-8.3.1","MozillaFirefox-translations-common":"78.1.0-8.3.1","MozillaFirefox-translations-other":"78.1.0-8.3.1","libpipewire-0_3-0":"0.3.6-3.3.2","pipewire":"0.3.6-3.3.2","pipewire-modules":"0.3.6-3.3.2","pipewire-spa-plugins-0_2":"0.3.6-3.3.2","pipewire-spa-tools":"0.3.6-3.3.2","pipewire-tools":"0.3.6-3.3.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15 SP2","name":"pipewire","purl":"pkg:rpm/suse/pipewire&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.3.6-3.3.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaFirefox fixes the following issues:\n\nThis update for MozillaFirefox and pipewire fixes the following issues:\n\nMozillaFirefox Extended Support Release 78.1.0 ESR\n\n* Fixed: Various stability, functionality, and security fixes (bsc#1174538)\n* CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker\n* CVE-2020-6514: WebRTC data channel leaks internal address to peer\n* CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy\n* CVE-2020-15653: Bypassing iframe sandbox when allowing popups\n* CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture\n* CVE-2020-15656: Type confusion for special arguments in IonMonkey\n* CVE-2020-15658: Overriding file type when saving to disk\n* CVE-2020-15657: DLL hijacking due to incorrect loading path\n* CVE-2020-15654: Custom cursor can overlay user interface\n* CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1\n\npipewire was updated to version 0.3.6 (bsc#1171433, jsc#ECO-2308):\n\n* Extensive memory leak fixing and stress testing was done.\n  A big leak in screen sharing with DMA-BUF was fixed.\n* Compile fixes\n* Stability improvements in jack and pulseaudio layers.\n* Added the old portal module to make the Camera portal\n  work again. This will be moved to the session manager in\n  future versions.\n* Improvements to the GStreamer source and sink shutdown.\n* Fix compatibility with v2 clients again when negotiating\n  buffers.\n\n","id":"SUSE-SU-2020:2147-1","modified":"2020-08-06T11:36:05Z","published":"2020-08-06T11:36:05Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-20202147-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1171433"},{"type":"REPORT","url":"https://bugzilla.suse.com/1174538"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15652"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15653"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15654"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15655"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15656"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15657"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15658"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15659"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-6463"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-6514"}],"related":["CVE-2020-15652","CVE-2020-15653","CVE-2020-15654","CVE-2020-15655","CVE-2020-15656","CVE-2020-15657","CVE-2020-15658","CVE-2020-15659","CVE-2020-6463","CVE-2020-6514"],"summary":"Security update for MozillaFirefox","upstream":["CVE-2020-15652","CVE-2020-15653","CVE-2020-15654","CVE-2020-15655","CVE-2020-15656","CVE-2020-15657","CVE-2020-15658","CVE-2020-15659","CVE-2020-6463","CVE-2020-6514"]}