{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"78.10.0-lp152.2.55.1","MozillaFirefox-branding-upstream":"78.10.0-lp152.2.55.1","MozillaFirefox-buildsymbols":"78.10.0-lp152.2.55.1","MozillaFirefox-devel":"78.10.0-lp152.2.55.1","MozillaFirefox-translations-common":"78.10.0-lp152.2.55.1","MozillaFirefox-translations-other":"78.10.0-lp152.2.55.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.2","name":"MozillaFirefox","purl":"pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Leap%2015.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"78.10.0-lp152.2.55.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaFirefox fixes the following issues:\n\n- Firefox was updated to 78.10.0 ESR (bsc#1184960)\n  * CVE-2021-23994: Out of bound write due to lazy initialization\n  * CVE-2021-23995: Use-after-free in Responsive Design Mode\n  * CVE-2021-23998: Secure Lock icon could have been spoofed\n  * CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage\n  * CVE-2021-23999: Blob URLs may have been granted additional privileges\n  * CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL\n  * CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads\n  * CVE-2021-29946: Port blocking could be bypassed\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.","id":"openSUSE-SU-2021:0621-1","modified":"2021-04-26T14:17:06Z","published":"2021-04-26T14:17:06Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EAMQGZ2XSFHUQG4YR5BGYZEI5C3IGY4P/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1184960"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-23961"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-23994"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-23995"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-23998"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-23999"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-24002"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-29945"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-29946"}],"related":["CVE-2021-23961","CVE-2021-23994","CVE-2021-23995","CVE-2021-23998","CVE-2021-23999","CVE-2021-24002","CVE-2021-29945","CVE-2021-29946"],"summary":"Security update for MozillaFirefox","upstream":["CVE-2021-23961","CVE-2021-23994","CVE-2021-23995","CVE-2021-23998","CVE-2021-23999","CVE-2021-24002","CVE-2021-29945","CVE-2021-29946"]}