{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"78.5.0-3.119.1","MozillaFirefox-devel":"78.5.0-3.119.1","MozillaFirefox-translations-common":"78.5.0-3.119.1","MozillaFirefox-translations-other":"78.5.0-3.119.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15 SP1","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"78.5.0-3.119.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaFirefox fixes the following issues:\n\n- Firefox Extended Support Release 78.5.0 ESR (bsc#1178824)\n  * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code\n  * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls\n  * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI\n  * CVE-2020-26956: XSS through paste (manual and clipboard API)\n  * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions\n  * CVE-2020-26959: Use-after-free in WebRequestService\n  * CVE-2020-26960: Potential use-after-free in uses of nsTArray\n  * CVE-2020-15999: Heap buffer overflow in freetype\n  * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses\n  * CVE-2020-26965: Software keyboards may have remembered typed passwords\n  * CVE-2020-26966: Single-word search queries were also broadcast to local network\n  * CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5\n","id":"SUSE-SU-2020:3383-1","modified":"2020-11-19T10:16:09Z","published":"2020-11-19T10:16:09Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-20203383-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178824"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15999"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16012"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-26951"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-26953"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-26956"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-26958"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-26959"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-26960"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-26961"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-26965"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-26966"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-26968"}],"related":["CVE-2020-15999","CVE-2020-16012","CVE-2020-26951","CVE-2020-26953","CVE-2020-26956","CVE-2020-26958","CVE-2020-26959","CVE-2020-26960","CVE-2020-26961","CVE-2020-26965","CVE-2020-26966","CVE-2020-26968"],"summary":"Security update for MozillaFirefox","upstream":["CVE-2020-15999","CVE-2020-16012","CVE-2020-26951","CVE-2020-26953","CVE-2020-26956","CVE-2020-26958","CVE-2020-26959","CVE-2020-26960","CVE-2020-26961","CVE-2020-26965","CVE-2020-26966","CVE-2020-26968"]}