{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"78.3.0-3.108.1","MozillaFirefox-devel":"78.3.0-3.108.1","MozillaFirefox-translations-common":"78.3.0-3.108.1","MozillaFirefox-translations-other":"78.3.0-3.108.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15 SP1","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"78.3.0-3.108.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaFirefox fixes the following issues:\n\n-Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43)\n   - CVE-2020-15677: Download origin spoofing via redirect\n   - CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a\n     contenteditable element \n   - CVE-2020-15678: When recursing through layers while scrolling, an iterator\n     may have become invalid, resulting in a potential use-after-free scenario\n   - CVE-2020-15673: Fixed memory safety bugs \n- Enhance fix for wayland-detection (bsc#1174420)\n- Attempt to fix langpack-parallelization by introducing separate\n  obj-dirs for each lang (bsc#1173986, bsc#1167976)\n","id":"SUSE-SU-2020:2747-1","modified":"2020-09-25T08:11:45Z","published":"2020-09-25T08:11:45Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-20202747-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1167976"},{"type":"REPORT","url":"https://bugzilla.suse.com/1173986"},{"type":"REPORT","url":"https://bugzilla.suse.com/1174420"},{"type":"REPORT","url":"https://bugzilla.suse.com/1176756"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15673"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15676"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15677"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15678"}],"related":["CVE-2020-15673","CVE-2020-15676","CVE-2020-15677","CVE-2020-15678"],"summary":"Security update for MozillaFirefox","upstream":["CVE-2020-15673","CVE-2020-15676","CVE-2020-15677","CVE-2020-15678"]}