{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaFirefox-devel":"115.7.0-112.197.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP5","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"115.7.0-112.197.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"115.7.0-112.197.1","MozillaFirefox-devel":"115.7.0-112.197.1","MozillaFirefox-translations-common":"115.7.0-112.197.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP5","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"115.7.0-112.197.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"115.7.0-112.197.1","MozillaFirefox-devel":"115.7.0-112.197.1","MozillaFirefox-translations-common":"115.7.0-112.197.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP5","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"115.7.0-112.197.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaFirefox fixes the following issues:\n\nUpdate to Firefox Extended Support Release 115.7.0 ESR (MFSA 2024-02) (bsc#1218955):\n    \n- CVE-2024-0741: Out of bounds write in ANGLE\n- CVE-2024-0742: Failure to update user input timestamp\n- CVE-2024-0746: Crash when listing printers on Linux\n- CVE-2024-0747: Bypass of Content Security Policy when directive unsafe-inline was set\n- CVE-2024-0749: Phishing site popup could show local origin in address bar\n- CVE-2024-0750: Potential permissions request bypass via clickjacking\n- CVE-2024-0751: Privilege escalation through devtools\n- CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain\n- CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7  \n","id":"SUSE-SU-2024:0211-1","modified":"2024-01-24T13:13:54Z","published":"2024-01-24T13:13:54Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20240211-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218955"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-0741"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-0742"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-0746"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-0747"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-0749"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-0750"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-0751"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-0753"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-0755"}],"related":["CVE-2024-0741","CVE-2024-0742","CVE-2024-0746","CVE-2024-0747","CVE-2024-0749","CVE-2024-0750","CVE-2024-0751","CVE-2024-0753","CVE-2024-0755"],"summary":"Security update for MozillaFirefox","upstream":["CVE-2024-0741","CVE-2024-0742","CVE-2024-0746","CVE-2024-0747","CVE-2024-0749","CVE-2024-0750","CVE-2024-0751","CVE-2024-0753","CVE-2024-0755"]}