{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"78.3.0-lp152.2.21.1","MozillaFirefox-branding-upstream":"78.3.0-lp152.2.21.1","MozillaFirefox-buildsymbols":"78.3.0-lp152.2.21.1","MozillaFirefox-devel":"78.3.0-lp152.2.21.1","MozillaFirefox-translations-common":"78.3.0-lp152.2.21.1","MozillaFirefox-translations-other":"78.3.0-lp152.2.21.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.2","name":"MozillaFirefox","purl":"pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Leap%2015.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"78.3.0-lp152.2.21.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaFirefox fixes the following issues:\n\n-Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43)\n   - CVE-2020-15677: Download origin spoofing via redirect\n   - CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a\n     contenteditable element \n   - CVE-2020-15678: When recursing through layers while scrolling, an iterator\n     may have become invalid, resulting in a potential use-after-free scenario\n   - CVE-2020-15673: Fixed memory safety bugs \n- Enhance fix for wayland-detection (bsc#1174420)\n- Attempt to fix langpack-parallelization by introducing separate\n  obj-dirs for each lang (bsc#1173986, bsc#1167976)\n\nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2020:1574-1","modified":"2020-09-29T08:13:26Z","published":"2020-09-29T08:13:26Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4BLMBLPQOANT6X2TSM5JYZQJWZLARWUV/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1167976"},{"type":"REPORT","url":"https://bugzilla.suse.com/1173986"},{"type":"REPORT","url":"https://bugzilla.suse.com/1174420"},{"type":"REPORT","url":"https://bugzilla.suse.com/1176756"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15673"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15676"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15677"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15678"}],"related":["CVE-2020-15673","CVE-2020-15676","CVE-2020-15677","CVE-2020-15678"],"summary":"Security update for MozillaFirefox","upstream":["CVE-2020-15673","CVE-2020-15676","CVE-2020-15677","CVE-2020-15678"]}