{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"68.3.0-lp151.2.21.1","MozillaFirefox-branding-upstream":"68.3.0-lp151.2.21.1","MozillaFirefox-buildsymbols":"68.3.0-lp151.2.21.1","MozillaFirefox-devel":"68.3.0-lp151.2.21.1","MozillaFirefox-translations-common":"68.3.0-lp151.2.21.1","MozillaFirefox-translations-other":"68.3.0-lp151.2.21.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.1","name":"MozillaFirefox","purl":"pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Leap%2015.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"68.3.0-lp151.2.21.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaFirefox fixes the following issues:\n\nMozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328)\t  \n\t  \nSecurity issues fixed: \n\n- CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331)\n- CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments \n  in WebRTC code (bmo#1580156)\n- CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a \n  block cipher (bmo#1586176)\n- CVE-2019-17009: Fixed an issue where updater temporary files accessible to \n  unprivileged processes (bmo#1510494)\n- CVE-2019-17010: Fixed a use-after-free when performing device orientation \n  checks (bmo#1581084)\n- CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170)\n- CVE-2019-17011: Fixed a use-after-free when retrieving a document \n  in antitracking (bmo#1591334)\n- CVE-2019-17012: Fixed multiple memmory issues\n  (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, \n  bmo#1592502)\n\nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2020:0002-1","modified":"2020-01-09T16:29:33Z","published":"2020-01-09T16:29:33Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IT3UIP5O2QPRMJEIU4SZ6MBHNKBLUYZT/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1157652"},{"type":"REPORT","url":"https://bugzilla.suse.com/1158328"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11745"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-13722"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17005"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17008"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17009"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17010"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17011"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17012"}],"related":["CVE-2019-11745","CVE-2019-13722","CVE-2019-17005","CVE-2019-17008","CVE-2019-17009","CVE-2019-17010","CVE-2019-17011","CVE-2019-17012"],"summary":"Security update for MozillaFirefox","upstream":["CVE-2019-11745","CVE-2019-13722","CVE-2019-17005","CVE-2019-17008","CVE-2019-17009","CVE-2019-17010","CVE-2019-17011","CVE-2019-17012"]}