Vulnerability-Lookup

CVE-2017-7778 (GCVE-0-2017-7778)

Vulnerability from cvelistv5 – Published: 2018-06-11 21:00 – Updated: 2024-08-05 16:12

Summary

A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Severity

No CVSS data available.

CWE

Vulnerabilities in the Graphite 2 library

Assigner

mozilla

References

20 references

URL	Tags
http://www.securityfocus.com/bid/99057	vdb-entryx_refsource_BID
https://bugzilla.mozilla.org/show_bug.cgi?id=1350047	x_refsource_CONFIRM
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_CONFIRM
https://bugzilla.mozilla.org/show_bug.cgi?id=1352747	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1793	vendor-advisoryx_refsource_REDHAT
https://bugzilla.mozilla.org/show_bug.cgi?id=1356607	x_refsource_CONFIRM
https://www.debian.org/security/2017/dsa-3918	vendor-advisoryx_refsource_DEBIAN
http://www.securitytracker.com/id/1038689	vdb-entryx_refsource_SECTRACK
https://www.debian.org/security/2017/dsa-3894	vendor-advisoryx_refsource_DEBIAN
https://bugzilla.mozilla.org/show_bug.cgi?id=1355174	x_refsource_CONFIRM
https://bugzilla.mozilla.org/show_bug.cgi?id=1349310	x_refsource_CONFIRM
https://www.debian.org/security/2017/dsa-3881	vendor-advisoryx_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:1440	vendor-advisoryx_refsource_REDHAT
https://bugzilla.mozilla.org/show_bug.cgi?id=1355182	x_refsource_CONFIRM
https://security.gentoo.org/glsa/201710-13	vendor-advisoryx_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2017:1561	vendor-advisoryx_refsource_REDHAT
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_CONFIRM
https://bugzilla.mozilla.org/show_bug.cgi?id=1358551	x_refsource_CONFIRM
https://bugzilla.mozilla.org/show_bug.cgi?id=1352745	x_refsource_CONFIRM
https://www.mozilla.org/security/advisories/mfsa2…	x_refsource_CONFIRM

Impacted products

3 products

Vendor	Product	Version
Mozilla	Firefox	Affected: unspecified , < 54 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 52.2 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 52.2 (custom)

Date Public

2017-06-13 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:12:28.373Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "99057",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99057"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1350047"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-15/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1352747"
          },
          {
            "name": "RHSA-2017:1793",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1793"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1356607"
          },
          {
            "name": "DSA-3918",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3918"
          },
          {
            "name": "1038689",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038689"
          },
          {
            "name": "DSA-3894",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3894"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355174"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1349310"
          },
          {
            "name": "DSA-3881",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3881"
          },
          {
            "name": "RHSA-2017:1440",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1440"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355182"
          },
          {
            "name": "GLSA-201710-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-13"
          },
          {
            "name": "RHSA-2017:1561",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1561"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-17/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1358551"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1352745"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-16/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "54",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "52.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "52.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2017-06-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Vulnerabilities in the Graphite 2 library",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-12T09:57:01.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "99057",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99057"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1350047"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-15/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1352747"
        },
        {
          "name": "RHSA-2017:1793",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1793"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1356607"
        },
        {
          "name": "DSA-3918",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3918"
        },
        {
          "name": "1038689",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038689"
        },
        {
          "name": "DSA-3894",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3894"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355174"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1349310"
        },
        {
          "name": "DSA-3881",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3881"
        },
        {
          "name": "RHSA-2017:1440",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1440"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355182"
        },
        {
          "name": "GLSA-201710-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-13"
        },
        {
          "name": "RHSA-2017:1561",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1561"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-17/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1358551"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1352745"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-16/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2017-7778",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "54"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "52.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "52.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Vulnerabilities in the Graphite 2 library"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "99057",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99057"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1350047",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1350047"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-15/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-15/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1352747",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1352747"
            },
            {
              "name": "RHSA-2017:1793",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1793"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1356607",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1356607"
            },
            {
              "name": "DSA-3918",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3918"
            },
            {
              "name": "1038689",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038689"
            },
            {
              "name": "DSA-3894",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3894"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355174",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355174"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1349310",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1349310"
            },
            {
              "name": "DSA-3881",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3881"
            },
            {
              "name": "RHSA-2017:1440",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1440"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355182",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355182"
            },
            {
              "name": "GLSA-201710-13",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-13"
            },
            {
              "name": "RHSA-2017:1561",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1561"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-17/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-17/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1358551",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1358551"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1352745",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1352745"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-16/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-16/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2017-7778",
    "datePublished": "2018-06-11T21:00:00.000Z",
    "dateReserved": "2017-04-12T00:00:00.000Z",
    "dateUpdated": "2024-08-05T16:12:28.373Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2017-7778",
      "date": "2026-05-28",
      "epss": "0.01434",
      "percentile": "0.80977"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-7778\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2018-06-11T21:29:08.717\",\"lastModified\":\"2025-11-25T17:50:16.803\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.\"},{\"lang\":\"es\",\"value\":\"Hay una serie de vulnerabilidades de seguridad en la biblioteca Graphite 2, incluyendo lecturas fuera de l\u00edmites, lecturas y escrituras por desbordamiento de b\u00fafer y el uso de memoria no inicializada. Estos problemas fueron abordados en la versi\u00f3n 1.3.10 de Graphite 2. La vulnerabilidad afecta a Firefox en versiones anteriores a la 54, Firefox ESR en versiones anteriores a la 52.2 y Thunderbird en versiones anteriores a la 52.2.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"},{\"lang\":\"en\",\"value\":\"CWE-125\"},{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"52.2.0\",\"matchCriteriaId\":\"6F5DBE64-6529-4705-869D-4FD030CFADE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"54.0\",\"matchCriteriaId\":\"12FE3109-0EE6-49DC-974A-E522F55B17E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"52.2.0\",\"matchCriteriaId\":\"37E2AFA4-8E1E-4074-BA83-B32D702B439C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sil:graphite2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.3.10\",\"matchCriteriaId\":\"5F864FFA-7BE6-48D8-A22E-986CCB5B45D5\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/99057\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038689\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1440\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1561\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1793\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1349310\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1350047\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1352745\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1352747\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1355174\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1355182\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1356607\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1358551\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201710-13\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2017/dsa-3881\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2017/dsa-3894\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2017/dsa-3918\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2017-15/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2017-16/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2017-17/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99057\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038689\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1440\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1561\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1793\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1349310\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1350047\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1352745\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1352747\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1355174\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1355182\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1356607\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1358551\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201710-13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2017/dsa-3881\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2017/dsa-3894\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2017/dsa-3918\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2017-15/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2017-16/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2017-17/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

BDU:2019-00230

Vulnerability from fstec - Published: 13.06.2017

Title

Уязвимость функции lz4::decompress библиотеки Graphite 2 браузеров Mozilla Firefox и Mozilla Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Description

Уязвимость функции lz4::decompress библиотеки Graphite 2 браузеров Mozilla Firefox и Mozilla Firefox ESR связана с записью за границами буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код или вызвать отказ в обслуживании

Severity


                    
                      AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Vendor

SIL International, Mozilla Corp., Juniper Networks Inc.

Software Name

Graphite 2, Firefox, Firefox ESR, Junos Space

Software Version

до 1.3.10 (Graphite 2), до 54 (Firefox), до 52.2 (Firefox ESR), до 21.1R1 (Junos Space)

Possible Mitigations

Для Graphite 2 использование рекомендаций: https://bugzilla.mozilla.org/show_bug.cgi?id=1349310 Для Mozilla Firefox и Mozilla Firefox ESR использование рекомендаций: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/

Reference

https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/ https://bugzilla.mozilla.org/show_bug.cgi?id=1349310

CWE

CWE-787

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "SIL International, Mozilla Corp., Juniper Networks Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 1.3.10 (Graphite 2), \u0434\u043e 54 (Firefox), \u0434\u043e 52.2 (Firefox ESR), \u0434\u043e 21.1R1 (Junos Space)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Graphite 2 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439: https://bugzilla.mozilla.org/show_bug.cgi?id=1349310\n\u0414\u043b\u044f Mozilla Firefox \u0438 Mozilla Firefox ESR \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.06.2017",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "01.07.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "23.01.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-00230",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2017-7778",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Graphite 2, Firefox, Firefox ESR, Junos Space",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 lz4::decompress \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Graphite 2 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Mozilla Firefox \u0438 Mozilla Firefox ESR, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 lz4::decompress \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Graphite 2 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Mozilla Firefox \u0438 Mozilla Firefox ESR \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1349310",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-787",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,6)"
}

CERTFR-2017-AVI-174

Vulnerability from certfr_avis - Published: 2017-06-14 - Updated: 2017-06-14

De multiples vulnérabilités ont été corrigées dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Firefox ESR versions antérieures à 52.2
	Mozilla	Firefox	Firefox versions antérieures à 54

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2017-16 du 13 juin 2017	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2017-15 du 13 juin 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 52.2",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 54",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-7759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7759"
    },
    {
      "name": "CVE-2017-7770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7770"
    },
    {
      "name": "CVE-2017-7763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7763"
    },
    {
      "name": "CVE-2017-7752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7752"
    },
    {
      "name": "CVE-2017-5472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5472"
    },
    {
      "name": "CVE-2017-7760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7760"
    },
    {
      "name": "CVE-2017-7772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7772"
    },
    {
      "name": "CVE-2017-7777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7777"
    },
    {
      "name": "CVE-2017-7765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7765"
    },
    {
      "name": "CVE-2017-7778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7778"
    },
    {
      "name": "CVE-2017-7776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7776"
    },
    {
      "name": "CVE-2017-7757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7757"
    },
    {
      "name": "CVE-2017-7758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7758"
    },
    {
      "name": "CVE-2017-7771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7771"
    },
    {
      "name": "CVE-2017-7762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7762"
    },
    {
      "name": "CVE-2017-7767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7767"
    },
    {
      "name": "CVE-2017-7775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7775"
    },
    {
      "name": "CVE-2017-7768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7768"
    },
    {
      "name": "CVE-2017-7750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7750"
    },
    {
      "name": "CVE-2017-7761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7761"
    },
    {
      "name": "CVE-2017-7754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7754"
    },
    {
      "name": "CVE-2017-7773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7773"
    },
    {
      "name": "CVE-2017-7749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7749"
    },
    {
      "name": "CVE-2017-7764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7764"
    },
    {
      "name": "CVE-2017-7751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7751"
    },
    {
      "name": "CVE-2017-5470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5470"
    },
    {
      "name": "CVE-2017-7756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7756"
    },
    {
      "name": "CVE-2017-7766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7766"
    },
    {
      "name": "CVE-2017-7755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7755"
    },
    {
      "name": "CVE-2017-5471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5471"
    },
    {
      "name": "CVE-2017-7774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7774"
    }
  ],
  "initial_release_date": "2017-06-14T00:00:00",
  "last_revision_date": "2017-06-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2017-AVI-174",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-06-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMozilla Firefox\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2017-16 du 13 juin 2017",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2017-15 du 13 juin 2017",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/"
    }
  ]
}

CERTFR-2017-AVI-182

Vulnerability from certfr_avis - Published: 2017-06-15 - Updated: 2017-06-15

De multiples vulnérabilités ont été corrigées dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Mozilla Thunderbird versions antérieures à 52.2

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2017-17 du 14 juin 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eMozilla Thunderbird versions ant\u00e9rieures \u00e0 52.2\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-7763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7763"
    },
    {
      "name": "CVE-2017-7752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7752"
    },
    {
      "name": "CVE-2017-5472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5472"
    },
    {
      "name": "CVE-2017-7772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7772"
    },
    {
      "name": "CVE-2017-7777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7777"
    },
    {
      "name": "CVE-2017-7765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7765"
    },
    {
      "name": "CVE-2017-7778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7778"
    },
    {
      "name": "CVE-2017-7776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7776"
    },
    {
      "name": "CVE-2017-7757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7757"
    },
    {
      "name": "CVE-2017-7758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7758"
    },
    {
      "name": "CVE-2017-7771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7771"
    },
    {
      "name": "CVE-2017-7775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7775"
    },
    {
      "name": "CVE-2017-7750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7750"
    },
    {
      "name": "CVE-2017-7754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7754"
    },
    {
      "name": "CVE-2017-7773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7773"
    },
    {
      "name": "CVE-2017-7749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7749"
    },
    {
      "name": "CVE-2017-7764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7764"
    },
    {
      "name": "CVE-2017-7751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7751"
    },
    {
      "name": "CVE-2017-5470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5470"
    },
    {
      "name": "CVE-2017-7756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7756"
    },
    {
      "name": "CVE-2017-7774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7774"
    }
  ],
  "initial_release_date": "2017-06-15T00:00:00",
  "last_revision_date": "2017-06-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2017-AVI-182",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-06-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMozilla Thunderbird\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2017-17 du 14 juin 2017",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/"
    }
  ]
}

CERTFR-2017-AVI-231

Vulnerability from certfr_avis - Published: 2017-07-20 - Updated: 2017-07-20

De multiples vulnérabilités ont été corrigées dans Oracle VM Server pour x86 et Oracle Linux. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Oracle	N/A	Oracle Linux versions 5, 6 et 7
	Oracle	N/A	Oracle VM Server pour x86 versions 3.2, 3.3 et 3.4

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle VM Server pour x86 Linux du 17 juillet 2017	None	vendor-advisory
Bulletin de sécurité Oracle Linux du 17 juillet 2017	None	vendor-advisory
Bulletin de sécurité VM Server pour x86 Linux du 17 juillet 2017	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Linux versions 5, 6 et 7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle VM Server pour x86 versions 3.2, 3.3 et 3.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-7895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7895"
    },
    {
      "name": "CVE-2017-7752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7752"
    },
    {
      "name": "CVE-2017-9524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9524"
    },
    {
      "name": "CVE-2017-5472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5472"
    },
    {
      "name": "CVE-2017-9462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9462"
    },
    {
      "name": "CVE-2017-7645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7645"
    },
    {
      "name": "CVE-2017-3142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3142"
    },
    {
      "name": "CVE-2017-7772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7772"
    },
    {
      "name": "CVE-2017-7777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7777"
    },
    {
      "name": "CVE-2017-6214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6214"
    },
    {
      "name": "CVE-2017-9148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9148"
    },
    {
      "name": "CVE-2017-7778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7778"
    },
    {
      "name": "CVE-2017-3143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3143"
    },
    {
      "name": "CVE-2017-7776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7776"
    },
    {
      "name": "CVE-2017-7757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7757"
    },
    {
      "name": "CVE-2017-7758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7758"
    },
    {
      "name": "CVE-2017-2583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2583"
    },
    {
      "name": "CVE-2017-7771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7771"
    },
    {
      "name": "CVE-2017-1000366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000366"
    },
    {
      "name": "CVE-2017-1000368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000368"
    },
    {
      "name": "CVE-2017-7775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7775"
    },
    {
      "name": "CVE-2017-7477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7477"
    },
    {
      "name": "CVE-2017-7750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7750"
    },
    {
      "name": "CVE-2017-1000364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000364"
    },
    {
      "name": "CVE-2017-7754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7754"
    },
    {
      "name": "CVE-2017-7773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7773"
    },
    {
      "name": "CVE-2017-7749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7749"
    },
    {
      "name": "CVE-2017-7764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7764"
    },
    {
      "name": "CVE-2017-7751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7751"
    },
    {
      "name": "CVE-2017-5470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5470"
    },
    {
      "name": "CVE-2017-7756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7756"
    },
    {
      "name": "CVE-2016-8743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8743"
    },
    {
      "name": "CVE-2017-7774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7774"
    }
  ],
  "initial_release_date": "2017-07-20T00:00:00",
  "last_revision_date": "2017-07-20T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VM Server pour x86 Linux du 17 juillet    2017",
      "url": "https://www.oracle.com/technetwork/topics/security/ovmbulletinjul2017-3832369.html"
    }
  ],
  "reference": "CERTFR-2017-AVI-231",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-07-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle VM Server pour x86 et Oracle Linux\u003c/span\u003e.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle VM Server pour x86 et Oracle Linux",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle VM Server pour x86 Linux du 17 juillet 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle Linux du 17 juillet 2017",
      "url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinjul2017-3832368.html"
    }
  ]
}

CERTFR-2022-AVI-267

Vulnerability from certfr_avis - Published: 2022-03-23 - Updated: 2022-03-23

De multiples vulnérabilités ont été découvertes dans Juniper Networks Junos Space. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Juniper Networks	Junos Space	Juniper Networks Junos Space versions antérieures à 21.1R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA11176 du 22 mars 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper Networks Junos Space versions ant\u00e9rieures \u00e0 21.1R1",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-13078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13078"
    },
    {
      "name": "CVE-2017-13077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13077"
    },
    {
      "name": "CVE-2017-13080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13080"
    },
    {
      "name": "CVE-2017-13082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13082"
    },
    {
      "name": "CVE-2017-13088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13088"
    },
    {
      "name": "CVE-2017-13086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13086"
    },
    {
      "name": "CVE-2017-13087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13087"
    },
    {
      "name": "CVE-2017-5715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
    },
    {
      "name": "CVE-2018-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
    },
    {
      "name": "CVE-2007-1351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1351"
    },
    {
      "name": "CVE-2007-1352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1352"
    },
    {
      "name": "CVE-2007-6284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6284"
    },
    {
      "name": "CVE-2008-2935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2935"
    },
    {
      "name": "CVE-2008-3281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3281"
    },
    {
      "name": "CVE-2008-3529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
    },
    {
      "name": "CVE-2008-4226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4226"
    },
    {
      "name": "CVE-2008-4225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4225"
    },
    {
      "name": "CVE-2009-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
    },
    {
      "name": "CVE-2009-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
    },
    {
      "name": "CVE-2008-5161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
    },
    {
      "name": "CVE-2010-4008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
    },
    {
      "name": "CVE-2011-0411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
    },
    {
      "name": "CVE-2011-1720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1720"
    },
    {
      "name": "CVE-2011-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
    },
    {
      "name": "CVE-2011-2834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
    },
    {
      "name": "CVE-2011-2895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2895"
    },
    {
      "name": "CVE-2011-3905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
    },
    {
      "name": "CVE-2011-3919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
    },
    {
      "name": "CVE-2012-0841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
    },
    {
      "name": "CVE-2011-1944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
    },
    {
      "name": "CVE-2012-2807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
    },
    {
      "name": "CVE-2012-2870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
    },
    {
      "name": "CVE-2012-5134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
    },
    {
      "name": "CVE-2011-3102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
    },
    {
      "name": "CVE-2013-2877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2877"
    },
    {
      "name": "CVE-2013-0338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0338"
    },
    {
      "name": "CVE-2012-6139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
    },
    {
      "name": "CVE-2013-2566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2566"
    },
    {
      "name": "CVE-2013-6462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6462"
    },
    {
      "name": "CVE-2014-0211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0211"
    },
    {
      "name": "CVE-2014-3660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
    },
    {
      "name": "CVE-2015-1803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1803"
    },
    {
      "name": "CVE-2015-1804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1804"
    },
    {
      "name": "CVE-2015-1802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1802"
    },
    {
      "name": "CVE-2015-2716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
    },
    {
      "name": "CVE-2015-5352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5352"
    },
    {
      "name": "CVE-2015-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
    },
    {
      "name": "CVE-2014-8991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8991"
    },
    {
      "name": "CVE-2014-7185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7185"
    },
    {
      "name": "CVE-2014-9365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9365"
    },
    {
      "name": "CVE-2015-6838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6838"
    },
    {
      "name": "CVE-2015-6837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6837"
    },
    {
      "name": "CVE-2015-7995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
    },
    {
      "name": "CVE-2015-8035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
    },
    {
      "name": "CVE-2015-7499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
    },
    {
      "name": "CVE-2015-8242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
    },
    {
      "name": "CVE-2015-7500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
    },
    {
      "name": "CVE-2016-1762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
    },
    {
      "name": "CVE-2015-5312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
    },
    {
      "name": "CVE-2016-1839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
    },
    {
      "name": "CVE-2016-1833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
    },
    {
      "name": "CVE-2016-1837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
    },
    {
      "name": "CVE-2016-1834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
    },
    {
      "name": "CVE-2016-1840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
    },
    {
      "name": "CVE-2016-1836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
    },
    {
      "name": "CVE-2016-1838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
    },
    {
      "name": "CVE-2016-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
    },
    {
      "name": "CVE-2016-1683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
    },
    {
      "name": "CVE-2016-4448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
    },
    {
      "name": "CVE-2016-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
    },
    {
      "name": "CVE-2016-4449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
    },
    {
      "name": "CVE-2016-5131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
    },
    {
      "name": "CVE-2015-0975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0975"
    },
    {
      "name": "CVE-2016-4658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
    },
    {
      "name": "CVE-2016-2183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
    },
    {
      "name": "CVE-2016-3627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
    },
    {
      "name": "CVE-2016-3115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3115"
    },
    {
      "name": "CVE-2016-5636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5636"
    },
    {
      "name": "CVE-2017-7375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
    },
    {
      "name": "CVE-2017-7376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7376"
    },
    {
      "name": "CVE-2017-7773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7773"
    },
    {
      "name": "CVE-2017-7772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7772"
    },
    {
      "name": "CVE-2017-7778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7778"
    },
    {
      "name": "CVE-2017-7771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7771"
    },
    {
      "name": "CVE-2017-7774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7774"
    },
    {
      "name": "CVE-2017-7776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7776"
    },
    {
      "name": "CVE-2017-7777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7777"
    },
    {
      "name": "CVE-2017-7775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7775"
    },
    {
      "name": "CVE-2017-6463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6463"
    },
    {
      "name": "CVE-2017-6462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6462"
    },
    {
      "name": "CVE-2017-6464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6464"
    },
    {
      "name": "CVE-2017-14492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14492"
    },
    {
      "name": "CVE-2017-14496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14496"
    },
    {
      "name": "CVE-2017-14491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14491"
    },
    {
      "name": "CVE-2017-14493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14493"
    },
    {
      "name": "CVE-2017-14494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14494"
    },
    {
      "name": "CVE-2017-14495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14495"
    },
    {
      "name": "CVE-2017-5130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5130"
    },
    {
      "name": "CVE-2017-3736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3736"
    },
    {
      "name": "CVE-2017-3735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
    },
    {
      "name": "CVE-2017-15412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
    },
    {
      "name": "CVE-2017-3738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3738"
    },
    {
      "name": "CVE-2017-3737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3737"
    },
    {
      "name": "CVE-2017-17807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17807"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2017-16931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
    },
    {
      "name": "CVE-2018-11214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
    },
    {
      "name": "CVE-2015-9019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
    },
    {
      "name": "CVE-2017-18258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
    },
    {
      "name": "CVE-2017-16932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
    },
    {
      "name": "CVE-2016-9318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
    },
    {
      "name": "CVE-2018-1000120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000120"
    },
    {
      "name": "CVE-2018-1000007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000007"
    },
    {
      "name": "CVE-2018-1000121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000121"
    },
    {
      "name": "CVE-2018-1000122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000122"
    },
    {
      "name": "CVE-2018-0732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
    },
    {
      "name": "CVE-2018-6914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6914"
    },
    {
      "name": "CVE-2017-0898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0898"
    },
    {
      "name": "CVE-2018-8778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8778"
    },
    {
      "name": "CVE-2017-14033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14033"
    },
    {
      "name": "CVE-2018-8780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8780"
    },
    {
      "name": "CVE-2017-17742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17742"
    },
    {
      "name": "CVE-2017-10784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10784"
    },
    {
      "name": "CVE-2017-17405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17405"
    },
    {
      "name": "CVE-2018-8779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8779"
    },
    {
      "name": "CVE-2017-14064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14064"
    },
    {
      "name": "CVE-2018-8777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8777"
    },
    {
      "name": "CVE-2018-16395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16395"
    },
    {
      "name": "CVE-2018-0737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
    },
    {
      "name": "CVE-2018-16396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16396"
    },
    {
      "name": "CVE-2018-0495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0495"
    },
    {
      "name": "CVE-2018-0734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
    },
    {
      "name": "CVE-2018-5407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
    },
    {
      "name": "CVE-2018-1126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1126"
    },
    {
      "name": "CVE-2018-7858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7858"
    },
    {
      "name": "CVE-2018-1124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
    },
    {
      "name": "CVE-2018-10897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
    },
    {
      "name": "CVE-2018-1064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1064"
    },
    {
      "name": "CVE-2018-5683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5683"
    },
    {
      "name": "CVE-2017-13672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13672"
    },
    {
      "name": "CVE-2018-11212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11212"
    },
    {
      "name": "CVE-2017-18267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18267"
    },
    {
      "name": "CVE-2018-13988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13988"
    },
    {
      "name": "CVE-2018-20169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20169"
    },
    {
      "name": "CVE-2018-19985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19985"
    },
    {
      "name": "CVE-2019-1559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
    },
    {
      "name": "CVE-2019-6133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6133"
    },
    {
      "name": "CVE-2018-18311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18311"
    },
    {
      "name": "CVE-2018-12127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    },
    {
      "name": "CVE-2019-9503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9503"
    },
    {
      "name": "CVE-2019-10132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10132"
    },
    {
      "name": "CVE-2019-11190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11190"
    },
    {
      "name": "CVE-2019-11884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11884"
    },
    {
      "name": "CVE-2019-11487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11487"
    },
    {
      "name": "CVE-2019-12382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12382"
    },
    {
      "name": "CVE-2018-7191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7191"
    },
    {
      "name": "CVE-2019-5953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5953"
    },
    {
      "name": "CVE-2019-12614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12614"
    },
    {
      "name": "CVE-2019-11729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
    },
    {
      "name": "CVE-2019-11727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
    },
    {
      "name": "CVE-2019-11719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
    },
    {
      "name": "CVE-2018-1060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1060"
    },
    {
      "name": "CVE-2018-12327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12327"
    },
    {
      "name": "CVE-2018-1061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1061"
    },
    {
      "name": "CVE-2019-10639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10639"
    },
    {
      "name": "CVE-2019-10638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10638"
    },
    {
      "name": "CVE-2018-20836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20836"
    },
    {
      "name": "CVE-2019-13233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13233"
    },
    {
      "name": "CVE-2019-14283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14283"
    },
    {
      "name": "CVE-2019-13648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13648"
    },
    {
      "name": "CVE-2019-10207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10207"
    },
    {
      "name": "CVE-2015-9289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9289"
    },
    {
      "name": "CVE-2019-14816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14816"
    },
    {
      "name": "CVE-2019-15239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15239"
    },
    {
      "name": "CVE-2019-15917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15917"
    },
    {
      "name": "CVE-2017-18551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18551"
    },
    {
      "name": "CVE-2019-15217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15217"
    },
    {
      "name": "CVE-2019-14821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14821"
    },
    {
      "name": "CVE-2019-11068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11068"
    },
    {
      "name": "CVE-2018-18066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18066"
    },
    {
      "name": "CVE-2019-15903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
    },
    {
      "name": "CVE-2019-17666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17666"
    },
    {
      "name": "CVE-2019-17133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17133"
    },
    {
      "name": "CVE-2018-12207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12207"
    },
    {
      "name": "CVE-2019-11135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11135"
    },
    {
      "name": "CVE-2019-0154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0154"
    },
    {
      "name": "CVE-2019-17055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17055"
    },
    {
      "name": "CVE-2019-17053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17053"
    },
    {
      "name": "CVE-2019-16746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
    },
    {
      "name": "CVE-2019-0155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0155"
    },
    {
      "name": "CVE-2019-16233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16233"
    },
    {
      "name": "CVE-2019-15807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15807"
    },
    {
      "name": "CVE-2019-16231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16231"
    },
    {
      "name": "CVE-2019-11756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
    },
    {
      "name": "CVE-2019-11745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
    },
    {
      "name": "CVE-2019-19058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19058"
    },
    {
      "name": "CVE-2019-14895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14895"
    },
    {
      "name": "CVE-2019-19046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19046"
    },
    {
      "name": "CVE-2019-15916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15916"
    },
    {
      "name": "CVE-2019-18660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18660"
    },
    {
      "name": "CVE-2019-19063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19063"
    },
    {
      "name": "CVE-2019-19062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19062"
    },
    {
      "name": "CVE-2018-14526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14526"
    },
    {
      "name": "CVE-2019-13734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13734"
    },
    {
      "name": "CVE-2019-19530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19530"
    },
    {
      "name": "CVE-2019-19534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19534"
    },
    {
      "name": "CVE-2019-19524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19524"
    },
    {
      "name": "CVE-2019-14901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14901"
    },
    {
      "name": "CVE-2019-19537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19537"
    },
    {
      "name": "CVE-2019-19523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19523"
    },
    {
      "name": "CVE-2019-19338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19338"
    },
    {
      "name": "CVE-2019-19332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19332"
    },
    {
      "name": "CVE-2019-19527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19527"
    },
    {
      "name": "CVE-2019-18808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18808"
    },
    {
      "name": "CVE-2019-19767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19767"
    },
    {
      "name": "CVE-2019-19807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19807"
    },
    {
      "name": "CVE-2019-19055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19055"
    },
    {
      "name": "CVE-2019-17023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
    },
    {
      "name": "CVE-2019-9824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9824"
    },
    {
      "name": "CVE-2019-9636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
    },
    {
      "name": "CVE-2019-12749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
    },
    {
      "name": "CVE-2019-19447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19447"
    },
    {
      "name": "CVE-2019-20095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20095"
    },
    {
      "name": "CVE-2019-20054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20054"
    },
    {
      "name": "CVE-2019-18634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18634"
    },
    {
      "name": "CVE-2019-14898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14898"
    },
    {
      "name": "CVE-2019-16994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16994"
    },
    {
      "name": "CVE-2019-18282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18282"
    },
    {
      "name": "CVE-2020-2732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2732"
    },
    {
      "name": "CVE-2019-19059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19059"
    },
    {
      "name": "CVE-2019-3901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3901"
    },
    {
      "name": "CVE-2020-9383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9383"
    },
    {
      "name": "CVE-2020-8647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8647"
    },
    {
      "name": "CVE-2020-8649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8649"
    },
    {
      "name": "CVE-2020-1749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
    },
    {
      "name": "CVE-2019-9458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9458"
    },
    {
      "name": "CVE-2020-10942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10942"
    },
    {
      "name": "CVE-2019-9454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9454"
    },
    {
      "name": "CVE-2020-11565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11565"
    },
    {
      "name": "CVE-2020-10690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10690"
    },
    {
      "name": "CVE-2020-10751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10751"
    },
    {
      "name": "CVE-2020-12826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12826"
    },
    {
      "name": "CVE-2020-12654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12654"
    },
    {
      "name": "CVE-2020-10732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10732"
    },
    {
      "name": "CVE-2019-20636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20636"
    },
    {
      "name": "CVE-2019-20811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20811"
    },
    {
      "name": "CVE-2020-12653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12653"
    },
    {
      "name": "CVE-2020-10757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10757"
    },
    {
      "name": "CVE-2020-12770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12770"
    },
    {
      "name": "CVE-2020-12888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12888"
    },
    {
      "name": "CVE-2020-12402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12402"
    },
    {
      "name": "CVE-2018-16881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
    },
    {
      "name": "CVE-2018-19519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19519"
    },
    {
      "name": "CVE-2020-10713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10713"
    },
    {
      "name": "CVE-2020-14311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14311"
    },
    {
      "name": "CVE-2020-14309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14309"
    },
    {
      "name": "CVE-2020-15706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15706"
    },
    {
      "name": "CVE-2020-14308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14308"
    },
    {
      "name": "CVE-2020-14310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14310"
    },
    {
      "name": "CVE-2020-15705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15705"
    },
    {
      "name": "CVE-2020-15707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15707"
    },
    {
      "name": "CVE-2020-14331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
    },
    {
      "name": "CVE-2020-10769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10769"
    },
    {
      "name": "CVE-2020-14364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14364"
    },
    {
      "name": "CVE-2020-12400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
    },
    {
      "name": "CVE-2020-12401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
    },
    {
      "name": "CVE-2020-6829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
    },
    {
      "name": "CVE-2020-14314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
    },
    {
      "name": "CVE-2020-24394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
    },
    {
      "name": "CVE-2020-25212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
    },
    {
      "name": "CVE-2020-14305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14305"
    },
    {
      "name": "CVE-2020-10742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10742"
    },
    {
      "name": "CVE-2020-14385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14385"
    },
    {
      "name": "CVE-2020-25643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25643"
    },
    {
      "name": "CVE-2020-15999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15999"
    },
    {
      "name": "CVE-2018-20843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20843"
    },
    {
      "name": "CVE-2018-5729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5729"
    },
    {
      "name": "CVE-2018-5730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5730"
    },
    {
      "name": "CVE-2020-13817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13817"
    },
    {
      "name": "CVE-2020-11868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11868"
    },
    {
      "name": "CVE-2021-3156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
    },
    {
      "name": "CVE-2019-17006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
    },
    {
      "name": "CVE-2019-13232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13232"
    },
    {
      "name": "CVE-2020-10531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10531"
    },
    {
      "name": "CVE-2019-8696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8696"
    },
    {
      "name": "CVE-2019-20907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20907"
    },
    {
      "name": "CVE-2019-8675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8675"
    },
    {
      "name": "CVE-2017-12652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
    },
    {
      "name": "CVE-2019-12450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12450"
    },
    {
      "name": "CVE-2020-12825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12825"
    },
    {
      "name": "CVE-2020-12243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12243"
    },
    {
      "name": "CVE-2019-14866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14866"
    },
    {
      "name": "CVE-2020-1983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1983"
    },
    {
      "name": "CVE-2019-5188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5188"
    },
    {
      "name": "CVE-2019-5094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5094"
    },
    {
      "name": "CVE-2020-10754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10754"
    },
    {
      "name": "CVE-2020-12049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12049"
    },
    {
      "name": "CVE-2019-14822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14822"
    },
    {
      "name": "CVE-2020-14363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14363"
    },
    {
      "name": "CVE-2019-9924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
    },
    {
      "name": "CVE-2018-18751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18751"
    },
    {
      "name": "CVE-2019-9948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9948"
    },
    {
      "name": "CVE-2019-20386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20386"
    },
    {
      "name": "CVE-2017-13722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13722"
    },
    {
      "name": "CVE-2014-0210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0210"
    },
    {
      "name": "CVE-2018-16403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16403"
    },
    {
      "name": "CVE-2018-15746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15746"
    },
    {
      "name": "CVE-2014-6272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6272"
    },
    {
      "name": "CVE-2019-7638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7638"
    },
    {
      "name": "CVE-2015-8241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8241"
    },
    {
      "name": "CVE-2019-10155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10155"
    },
    {
      "name": "CVE-2018-11813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11813"
    },
    {
      "name": "CVE-2018-18310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18310"
    },
    {
      "name": "CVE-2018-1084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1084"
    },
    {
      "name": "CVE-2020-12662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12662"
    },
    {
      "name": "CVE-2012-4423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4423"
    },
    {
      "name": "CVE-2017-0902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0902"
    },
    {
      "name": "CVE-2018-8945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8945"
    },
    {
      "name": "CVE-2017-0899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0899"
    },
    {
      "name": "CVE-2010-2239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2239"
    },
    {
      "name": "CVE-2010-2242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2242"
    },
    {
      "name": "CVE-2017-14167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14167"
    },
    {
      "name": "CVE-2015-0225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0225"
    },
    {
      "name": "CVE-2019-11324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11324"
    },
    {
      "name": "CVE-2013-6458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6458"
    },
    {
      "name": "CVE-2018-1000075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000075"
    },
    {
      "name": "CVE-2018-15857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15857"
    },
    {
      "name": "CVE-2018-16062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16062"
    },
    {
      "name": "CVE-2018-10534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10534"
    },
    {
      "name": "CVE-2014-0179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0179"
    },
    {
      "name": "CVE-2018-18384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18384"
    },
    {
      "name": "CVE-2013-1766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1766"
    },
    {
      "name": "CVE-2016-6580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6580"
    },
    {
      "name": "CVE-2018-12697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12697"
    },
    {
      "name": "CVE-2018-1000301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000301"
    },
    {
      "name": "CVE-2019-11236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
    },
    {
      "name": "CVE-2019-12155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12155"
    },
    {
      "name": "CVE-2017-0900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0900"
    },
    {
      "name": "CVE-2014-3598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3598"
    },
    {
      "name": "CVE-2017-1000050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000050"
    },
    {
      "name": "CVE-2018-10535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10535"
    },
    {
      "name": "CVE-2019-3820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3820"
    },
    {
      "name": "CVE-2018-16402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16402"
    },
    {
      "name": "CVE-2018-1116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1116"
    },
    {
      "name": "CVE-2018-15853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15853"
    },
    {
      "name": "CVE-2019-14378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14378"
    },
    {
      "name": "CVE-2016-1494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1494"
    },
    {
      "name": "CVE-2019-12312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12312"
    },
    {
      "name": "CVE-2013-0339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0339"
    },
    {
      "name": "CVE-2019-16935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16935"
    },
    {
      "name": "CVE-2015-6525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6525"
    },
    {
      "name": "CVE-2016-6581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6581"
    },
    {
      "name": "CVE-2013-4520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4520"
    },
    {
      "name": "CVE-2014-3633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3633"
    },
    {
      "name": "CVE-2014-3004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3004"
    },
    {
      "name": "CVE-2015-9381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9381"
    },
    {
      "name": "CVE-2016-5361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5361"
    },
    {
      "name": "CVE-2018-14598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14598"
    },
    {
      "name": "CVE-2014-1447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1447"
    },
    {
      "name": "CVE-2018-20852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20852"
    },
    {
      "name": "CVE-2012-2693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2693"
    },
    {
      "name": "CVE-2018-7208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7208"
    },
    {
      "name": "CVE-2018-12910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12910"
    },
    {
      "name": "CVE-2019-8325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8325"
    },
    {
      "name": "CVE-2015-7497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7497"
    },
    {
      "name": "CVE-2019-7665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7665"
    },
    {
      "name": "CVE-2018-15854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15854"
    },
    {
      "name": "CVE-2019-13404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13404"
    },
    {
      "name": "CVE-2015-5160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5160"
    },
    {
      "name": "CVE-2018-10767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10767"
    },
    {
      "name": "CVE-2018-7550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7550"
    },
    {
      "name": "CVE-2016-3076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3076"
    },
    {
      "name": "CVE-2018-14404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
    },
    {
      "name": "CVE-2018-18521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18521"
    },
    {
      "name": "CVE-2018-19788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19788"
    },
    {
      "name": "CVE-2019-8322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8322"
    },
    {
      "name": "CVE-2019-3840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3840"
    },
    {
      "name": "CVE-2016-9189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9189"
    },
    {
      "name": "CVE-2015-9262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
    },
    {
      "name": "CVE-2018-14647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14647"
    },
    {
      "name": "CVE-2019-17041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17041"
    },
    {
      "name": "CVE-2019-14906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14906"
    },
    {
      "name": "CVE-2018-1000073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000073"
    },
    {
      "name": "CVE-2019-9947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9947"
    },
    {
      "name": "CVE-2017-1000158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000158"
    },
    {
      "name": "CVE-2019-7635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7635"
    },
    {
      "name": "CVE-2019-7576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7576"
    },
    {
      "name": "CVE-2019-14834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14834"
    },
    {
      "name": "CVE-2018-15855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15855"
    },
    {
      "name": "CVE-2019-7149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7149"
    },
    {
      "name": "CVE-2018-7642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7642"
    },
    {
      "name": "CVE-2019-5010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5010"
    },
    {
      "name": "CVE-2018-12641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12641"
    },
    {
      "name": "CVE-2021-3396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3396"
    },
    {
      "name": "CVE-2020-12403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
    },
    {
      "name": "CVE-2017-15268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15268"
    },
    {
      "name": "CVE-2018-15587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15587"
    },
    {
      "name": "CVE-2016-10746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10746"
    },
    {
      "name": "CVE-2017-13711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13711"
    },
    {
      "name": "CVE-2014-8131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8131"
    },
    {
      "name": "CVE-2014-9601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9601"
    },
    {
      "name": "CVE-2014-3657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3657"
    },
    {
      "name": "CVE-2018-10373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10373"
    },
    {
      "name": "CVE-2017-17790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17790"
    },
    {
      "name": "CVE-2011-2511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2511"
    },
    {
      "name": "CVE-2018-1000802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000802"
    },
    {
      "name": "CVE-2017-7555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7555"
    },
    {
      "name": "CVE-2016-9015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9015"
    },
    {
      "name": "CVE-2017-13720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13720"
    },
    {
      "name": "CVE-2018-11782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11782"
    },
    {
      "name": "CVE-2017-11671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11671"
    },
    {
      "name": "CVE-2017-10664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10664"
    },
    {
      "name": "CVE-2018-11213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11213"
    },
    {
      "name": "CVE-2013-6457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6457"
    },
    {
      "name": "CVE-2019-10138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10138"
    },
    {
      "name": "CVE-2019-7578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7578"
    },
    {
      "name": "CVE-2020-7039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7039"
    },
    {
      "name": "CVE-2017-11368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11368"
    },
    {
      "name": "CVE-2018-0494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0494"
    },
    {
      "name": "CVE-2019-20485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20485"
    },
    {
      "name": "CVE-2003-1418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2003-1418"
    },
    {
      "name": "CVE-2017-15289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15289"
    },
    {
      "name": "CVE-2016-5391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5391"
    },
    {
      "name": "CVE-2017-2810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2810"
    },
    {
      "name": "CVE-2018-15864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15864"
    },
    {
      "name": "CVE-2017-18207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18207"
    },
    {
      "name": "CVE-2019-12761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12761"
    },
    {
      "name": "CVE-2013-5651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5651"
    },
    {
      "name": "CVE-2017-17522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17522"
    },
    {
      "name": "CVE-2019-20382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20382"
    },
    {
      "name": "CVE-2016-2533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2533"
    },
    {
      "name": "CVE-2019-14287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14287"
    },
    {
      "name": "CVE-2018-18520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18520"
    },
    {
      "name": "CVE-2019-9740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
    },
    {
      "name": "CVE-2019-7575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7575"
    },
    {
      "name": "CVE-2015-5652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5652"
    },
    {
      "name": "CVE-2019-7572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7572"
    },
    {
      "name": "CVE-2017-6519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6519"
    },
    {
      "name": "CVE-2018-10906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10906"
    },
    {
      "name": "CVE-2018-15863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15863"
    },
    {
      "name": "CVE-2018-15862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15862"
    },
    {
      "name": "CVE-2018-1000079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000079"
    },
    {
      "name": "CVE-2019-7664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7664"
    },
    {
      "name": "CVE-2017-5992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5992"
    },
    {
      "name": "CVE-2019-16865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16865"
    },
    {
      "name": "CVE-2019-8324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8324"
    },
    {
      "name": "CVE-2018-1000076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000076"
    },
    {
      "name": "CVE-2018-1000030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000030"
    },
    {
      "name": "CVE-2018-1000074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000074"
    },
    {
      "name": "CVE-2017-0901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0901"
    },
    {
      "name": "CVE-2018-7568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7568"
    },
    {
      "name": "CVE-2016-0775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0775"
    },
    {
      "name": "CVE-2018-15688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15688"
    },
    {
      "name": "CVE-2018-14599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14599"
    },
    {
      "name": "CVE-2018-10733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10733"
    },
    {
      "name": "CVE-2016-9396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9396"
    },
    {
      "name": "CVE-2019-10160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10160"
    },
    {
      "name": "CVE-2017-7562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7562"
    },
    {
      "name": "CVE-2016-1000032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000032"
    },
    {
      "name": "CVE-2017-15124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15124"
    },
    {
      "name": "CVE-2018-1113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1113"
    },
    {
      "name": "CVE-2013-4399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4399"
    },
    {
      "name": "CVE-2019-7636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7636"
    },
    {
      "name": "CVE-2014-3672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3672"
    },
    {
      "name": "CVE-2018-4700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4700"
    },
    {
      "name": "CVE-2017-0903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0903"
    },
    {
      "name": "CVE-2018-15856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15856"
    },
    {
      "name": "CVE-2018-1000078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000078"
    },
    {
      "name": "CVE-2019-7573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7573"
    },
    {
      "name": "CVE-2018-1000077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000077"
    },
    {
      "name": "CVE-2010-2237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2237"
    },
    {
      "name": "CVE-2018-1000876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000876"
    },
    {
      "name": "CVE-2018-14348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14348"
    },
    {
      "name": "CVE-2019-3890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3890"
    },
    {
      "name": "CVE-2015-7498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7498"
    },
    {
      "name": "CVE-2019-7577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7577"
    },
    {
      "name": "CVE-2016-0740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0740"
    },
    {
      "name": "CVE-2018-4180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4180"
    },
    {
      "name": "CVE-2013-4297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4297"
    },
    {
      "name": "CVE-2010-2238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2238"
    },
    {
      "name": "CVE-2018-14600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14600"
    },
    {
      "name": "CVE-2017-13090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13090"
    },
    {
      "name": "CVE-2013-7336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7336"
    },
    {
      "name": "CVE-2018-10372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10372"
    },
    {
      "name": "CVE-2019-7637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7637"
    },
    {
      "name": "CVE-2018-11806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11806"
    },
    {
      "name": "CVE-2018-7643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7643"
    },
    {
      "name": "CVE-2015-0236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0236"
    },
    {
      "name": "CVE-2018-1000117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000117"
    },
    {
      "name": "CVE-2014-0209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0209"
    },
    {
      "name": "CVE-2013-2230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2230"
    },
    {
      "name": "CVE-2018-1122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1122"
    },
    {
      "name": "CVE-2014-3960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3960"
    },
    {
      "name": "CVE-2019-16056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16056"
    },
    {
      "name": "CVE-2020-12663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12663"
    },
    {
      "name": "CVE-2018-10768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10768"
    },
    {
      "name": "CVE-2017-16611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16611"
    },
    {
      "name": "CVE-2014-7823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7823"
    },
    {
      "name": "CVE-2020-10703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10703"
    },
    {
      "name": "CVE-2018-7569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7569"
    },
    {
      "name": "CVE-2013-4154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4154"
    },
    {
      "name": "CVE-2018-20060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
    },
    {
      "name": "CVE-2015-9382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9382"
    },
    {
      "name": "CVE-2017-18190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18190"
    },
    {
      "name": "CVE-2016-4009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4009"
    },
    {
      "name": "CVE-2018-13033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13033"
    },
    {
      "name": "CVE-2016-9190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9190"
    },
    {
      "name": "CVE-2019-7574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7574"
    },
    {
      "name": "CVE-2016-0772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0772"
    },
    {
      "name": "CVE-2016-5699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5699"
    },
    {
      "name": "CVE-2011-1486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1486"
    },
    {
      "name": "CVE-2020-5208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5208"
    },
    {
      "name": "CVE-2019-6778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6778"
    },
    {
      "name": "CVE-2020-10772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10772"
    },
    {
      "name": "CVE-2020-25637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25637"
    },
    {
      "name": "CVE-2018-10360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10360"
    },
    {
      "name": "CVE-2018-15859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15859"
    },
    {
      "name": "CVE-2017-13089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13089"
    },
    {
      "name": "CVE-2019-12779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12779"
    },
    {
      "name": "CVE-2019-1010238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1010238"
    },
    {
      "name": "CVE-2019-6690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6690"
    },
    {
      "name": "CVE-2015-8317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8317"
    },
    {
      "name": "CVE-2018-4181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4181"
    },
    {
      "name": "CVE-2019-8323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8323"
    },
    {
      "name": "CVE-2016-3616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3616"
    },
    {
      "name": "CVE-2018-14498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14498"
    },
    {
      "name": "CVE-2018-15861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15861"
    },
    {
      "name": "CVE-2019-7150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7150"
    },
    {
      "name": "CVE-2019-17042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17042"
    },
    {
      "name": "CVE-2016-5008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5008"
    },
    {
      "name": "CVE-2014-4616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4616"
    }
  ],
  "initial_release_date": "2022-03-23T00:00:00",
  "last_revision_date": "2022-03-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-267",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-03-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper Networks\nJunos Space. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Networks Junos Space",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11176 du 22 mars 2022",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11176\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CNVD-2017-12547

Vulnerability from cnvd - Published: 2017-07-03

Title

Mozilla Firefox和Firefox ESR Graphite 2拒绝服务漏洞（CNVD-2017-12547）

Description

Mozilla Firefox和Firefox ESR都是美国Mozilla基金会开发的浏览器产品。Firefox是一款开源Web浏览器；Firefox ESR是Firefox的一个延长支持版本。Graphite是一套使用Python语言编写、采用Django框架的企业级开源系统监控工具（数据绘图），它通过第三方工具或插件进行数据收集、统计，最后完成数据绘图。Graphite 2是Graphite的一个升级版。 Mozilla Firefox 54之前的版本和Firefox ESR 52.2之前的版本中的Graphite 2 1.3.10之前的版本存在拒绝服务漏洞。攻击者可利用该漏洞造成拒绝服务（越边界写入）。

Severity

中

Patch Name

Mozilla Firefox和Firefox ESR Graphite 2拒绝服务漏洞（CNVD-2017-12547）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/

Reference

http://www.securityfocus.com/bid/99057

Impacted products

Name
['Mozilla Firefox <54', 'mozilla Firefox ESR <52.2']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "99057"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-7778"
    }
  },
  "description": "Mozilla Firefox\u548cFirefox ESR\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u5f00\u53d1\u7684\u6d4f\u89c8\u5668\u4ea7\u54c1\u3002Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\uff1bFirefox ESR\u662fFirefox\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002Graphite\u662f\u4e00\u5957\u4f7f\u7528Python\u8bed\u8a00\u7f16\u5199\u3001\u91c7\u7528Django\u6846\u67b6\u7684\u4f01\u4e1a\u7ea7\u5f00\u6e90\u7cfb\u7edf\u76d1\u63a7\u5de5\u5177\uff08\u6570\u636e\u7ed8\u56fe\uff09\uff0c\u5b83\u901a\u8fc7\u7b2c\u4e09\u65b9\u5de5\u5177\u6216\u63d2\u4ef6\u8fdb\u884c\u6570\u636e\u6536\u96c6\u3001\u7edf\u8ba1\uff0c\u6700\u540e\u5b8c\u6210\u6570\u636e\u7ed8\u56fe\u3002Graphite 2\u662fGraphite\u7684\u4e00\u4e2a\u5347\u7ea7\u7248\u3002\r\n\r\nMozilla Firefox 54\u4e4b\u524d\u7684\u7248\u672c\u548cFirefox ESR 52.2\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684Graphite 2 1.3.10\u4e4b\u524d\u7684\u7248\u672c\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u8d8a\u8fb9\u754c\u5199\u5165\uff09\u3002",
  "discovererName": "Holger Fuhrmannek, Tyson Smith",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-12547",
  "openTime": "2017-07-03",
  "patchDescription": "Mozilla Firefox\u548cFirefox ESR\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u5f00\u53d1\u7684\u6d4f\u89c8\u5668\u4ea7\u54c1\u3002Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\uff1bFirefox ESR\u662fFirefox\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002Graphite\u662f\u4e00\u5957\u4f7f\u7528Python\u8bed\u8a00\u7f16\u5199\u3001\u91c7\u7528Django\u6846\u67b6\u7684\u4f01\u4e1a\u7ea7\u5f00\u6e90\u7cfb\u7edf\u76d1\u63a7\u5de5\u5177\uff08\u6570\u636e\u7ed8\u56fe\uff09\uff0c\u5b83\u901a\u8fc7\u7b2c\u4e09\u65b9\u5de5\u5177\u6216\u63d2\u4ef6\u8fdb\u884c\u6570\u636e\u6536\u96c6\u3001\u7edf\u8ba1\uff0c\u6700\u540e\u5b8c\u6210\u6570\u636e\u7ed8\u56fe\u3002Graphite 2\u662fGraphite\u7684\u4e00\u4e2a\u5347\u7ea7\u7248\u3002\r\n\r\nMozilla Firefox 54\u4e4b\u524d\u7684\u7248\u672c\u548cFirefox ESR 52.2\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684Graphite 2 1.3.10\u4e4b\u524d\u7684\u7248\u672c\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u8d8a\u8fb9\u754c\u5199\u5165\uff09\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mozilla Firefox\u548cFirefox ESR Graphite 2\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-12547\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mozilla Firefox \u003c54",
      "mozilla Firefox ESR \u003c52.2"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/99057",
  "serverity": "\u4e2d",
  "submitTime": "2017-06-23",
  "title": "Mozilla Firefox\u548cFirefox ESR Graphite 2\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-12547\uff09"
}

FKIE_CVE-2017-7778

Vulnerability from fkie_nvd - Published: 2018-06-11 21:29 - Updated: 2025-11-25 17:50

Severity

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@mozilla.org	http://www.securityfocus.com/bid/99057	Third Party Advisory, VDB Entry
security@mozilla.org	http://www.securitytracker.com/id/1038689	Third Party Advisory, VDB Entry
security@mozilla.org	https://access.redhat.com/errata/RHSA-2017:1440	Third Party Advisory
security@mozilla.org	https://access.redhat.com/errata/RHSA-2017:1561	Third Party Advisory
security@mozilla.org	https://access.redhat.com/errata/RHSA-2017:1793	Third Party Advisory
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1349310	Issue Tracking, Vendor Advisory
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1350047	Issue Tracking, Vendor Advisory
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1352745	Issue Tracking, Vendor Advisory
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1352747	Issue Tracking, Vendor Advisory
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1355174	Issue Tracking, Vendor Advisory
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1355182	Issue Tracking, Vendor Advisory
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1356607	Issue Tracking, Vendor Advisory
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1358551	Issue Tracking, Vendor Advisory
security@mozilla.org	https://security.gentoo.org/glsa/201710-13	Third Party Advisory
security@mozilla.org	https://www.debian.org/security/2017/dsa-3881	Third Party Advisory
security@mozilla.org	https://www.debian.org/security/2017/dsa-3894	Third Party Advisory
security@mozilla.org	https://www.debian.org/security/2017/dsa-3918	Third Party Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2017-15/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2017-16/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2017-17/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99057	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038689	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2017:1440	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2017:1561	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2017:1793	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1349310	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1350047	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1352745	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1352747	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1355174	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1355182	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1356607	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1358551	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201710-13	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2017/dsa-3881	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2017/dsa-3894	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2017/dsa-3918	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2017-15/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2017-16/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2017-17/	Vendor Advisory

Impacted products

Vendor	Product	Version
mozilla	firefox	*
mozilla	firefox	*
mozilla	thunderbird	*
debian	debian_linux	8.0
debian	debian_linux	9.0
sil	graphite2	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F5DBE64-6529-4705-869D-4FD030CFADE0",
              "versionEndExcluding": "52.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12FE3109-0EE6-49DC-974A-E522F55B17E1",
              "versionEndExcluding": "54.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "37E2AFA4-8E1E-4074-BA83-B32D702B439C",
              "versionEndExcluding": "52.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sil:graphite2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F864FFA-7BE6-48D8-A22E-986CCB5B45D5",
              "versionEndExcluding": "1.3.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2."
    },
    {
      "lang": "es",
      "value": "Hay una serie de vulnerabilidades de seguridad en la biblioteca Graphite 2, incluyendo lecturas fuera de l\u00edmites, lecturas y escrituras por desbordamiento de b\u00fafer y el uso de memoria no inicializada. Estos problemas fueron abordados en la versi\u00f3n 1.3.10 de Graphite 2. La vulnerabilidad afecta a Firefox en versiones anteriores a la 54, Firefox ESR en versiones anteriores a la 52.2 y Thunderbird en versiones anteriores a la 52.2."
    }
  ],
  "id": "CVE-2017-7778",
  "lastModified": "2025-11-25T17:50:16.803",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-11T21:29:08.717",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99057"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038689"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1440"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1561"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1793"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1349310"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1350047"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1352745"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1352747"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355174"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355182"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1356607"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1358551"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-13"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-3881"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-3894"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-3918"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2017-15/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2017-16/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2017-17/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1440"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1561"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1793"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1349310"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1350047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1352745"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1352747"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355174"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355182"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1356607"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1358551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-3881"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-3894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-3918"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2017-15/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2017-16/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2017-17/"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        },
        {
          "lang": "en",
          "value": "CWE-125"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-W4P4-6XH7-FHF6

Vulnerability from github – Published: 2022-05-14 03:08 – Updated: 2025-11-25 18:32

Details

Severity

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-7778"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-11T21:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
  "id": "GHSA-w4p4-6xh7-fhf6",
  "modified": "2025-11-25T18:32:09Z",
  "published": "2022-05-14T03:08:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7778"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2017-17"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2017-16"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2017-15"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2017/dsa-3918"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2017/dsa-3894"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2017/dsa-3881"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201710-13"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1358551"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1356607"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355182"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355174"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1352747"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1352745"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1350047"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1349310"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:1793"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:1561"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:1440"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99057"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038689"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-7778

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-7778

Aliases

CVE-2017-7778

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-7778",
    "description": "A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
    "id": "GSD-2017-7778",
    "references": [
      "https://www.suse.com/security/cve/CVE-2017-7778.html",
      "https://www.debian.org/security/2017/dsa-3918",
      "https://www.debian.org/security/2017/dsa-3894",
      "https://www.debian.org/security/2017/dsa-3881",
      "https://access.redhat.com/errata/RHSA-2017:1793",
      "https://access.redhat.com/errata/RHSA-2017:1561",
      "https://access.redhat.com/errata/RHSA-2017:1440",
      "https://ubuntu.com/security/CVE-2017-7778",
      "https://advisories.mageia.org/CVE-2017-7778.html",
      "https://security.archlinux.org/CVE-2017-7778",
      "https://alas.aws.amazon.com/cve/html/CVE-2017-7778.html",
      "https://linux.oracle.com/cve/CVE-2017-7778.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-7778"
      ],
      "details": "A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
      "id": "GSD-2017-7778",
      "modified": "2023-12-13T01:21:06.503232Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2017-7778",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Firefox",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "54"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox ESR",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "52.2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Thunderbird",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "52.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Vulnerabilities in the Graphite 2 library"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "99057",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99057"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1350047",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1350047"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2017-15/",
            "refsource": "CONFIRM",
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-15/"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1352747",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1352747"
          },
          {
            "name": "RHSA-2017:1793",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2017:1793"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1356607",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1356607"
          },
          {
            "name": "DSA-3918",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2017/dsa-3918"
          },
          {
            "name": "1038689",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038689"
          },
          {
            "name": "DSA-3894",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2017/dsa-3894"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355174",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355174"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1349310",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1349310"
          },
          {
            "name": "DSA-3881",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2017/dsa-3881"
          },
          {
            "name": "RHSA-2017:1440",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2017:1440"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355182",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355182"
          },
          {
            "name": "GLSA-201710-13",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201710-13"
          },
          {
            "name": "RHSA-2017:1561",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2017:1561"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2017-17/",
            "refsource": "CONFIRM",
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-17/"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1358551",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1358551"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1352745",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1352745"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2017-16/",
            "refsource": "CONFIRM",
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-16/"
          }
        ]
      }
    },
    "mozilla.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2017-7778"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Thunderbird",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "52.2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "54"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox ESR",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "52.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Thunderbird \u003c 52.2, Firefox \u003c 54, and Firefox ESR \u003c 52.2."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Vulnerabilities in the Graphite 2 library"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-15/"
          },
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-17/"
          },
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-16/"
          },
          {
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1349310"
          },
          {
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1350047"
          },
          {
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1352745"
          },
          {
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1352747"
          },
          {
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355174"
          },
          {
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355182"
          },
          {
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1356607"
          },
          {
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1358551"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "52.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "52.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "54.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sil:graphite2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.3.10",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2017-7778"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                },
                {
                  "lang": "en",
                  "value": "CWE-125"
                },
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-17/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-17/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-16/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-16/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-15/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-15/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1358551",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1358551"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1356607",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1356607"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355182",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355182"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355174",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355174"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1352747",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1352747"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1352745",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1352745"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1350047",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1350047"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1349310",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1349310"
            },
            {
              "name": "DSA-3918",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2017/dsa-3918"
            },
            {
              "name": "DSA-3894",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2017/dsa-3894"
            },
            {
              "name": "DSA-3881",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2017/dsa-3881"
            },
            {
              "name": "GLSA-201710-13",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201710-13"
            },
            {
              "name": "RHSA-2017:1793",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1793"
            },
            {
              "name": "RHSA-2017:1561",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1561"
            },
            {
              "name": "RHSA-2017:1440",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1440"
            },
            {
              "name": "1038689",
              "refsource": "SECTRACK",
              "tags": [
                "VDB Entry",
                "Third Party Advisory"
              ],
              "url": "http://www.securitytracker.com/id/1038689"
            },
            {
              "name": "99057",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99057"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-08-13T17:14Z",
      "publishedDate": "2018-06-11T21:29Z"
    }
  }
}

OPENSUSE-SU-2017:1579-1

Vulnerability from csaf_opensuse - Published: 2017-06-16 09:03 - Updated: 2017-06-16 09:03

Summary

Security update for Mozilla Thunderbird

Severity

Moderate

Notes

Title of the patch: Security update for Mozilla Thunderbird

Description of the patch: This update to Thunderbird 52.2 fixes security issues and bugs. The following vulnerabilities were fixed: * CVE-2017-5472: Use-after-free using destroyed node when regenerating trees * CVE-2017-7749: Use-after-free during docshell reloading * CVE-2017-7750: Use-after-free with track elements * CVE-2017-7751: Use-after-free with content viewer listeners * CVE-2017-7752: Use-after-free with IME input * CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object * CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors * CVE-2017-7757: Use-after-free in IndexedDB * CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777: Vulnerabilities in the Graphite 2 library * CVE-2017-7758: Out-of-bounds read in Opus encoder * CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks * CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 Mozilla Thunderbird now requires NSS 3.28.5. The following bugs were fixed: * Embedded images not shown in email received from Hotmail/Outlook webmailer * Detection of non-ASCII font names in font selector * Attachment not forwarded correctly under certain circumstances * Multiple requests for master password when GMail OAuth2 is enabled * Large number of blank pages being printed under certain circumstances when invalid preferences were present * Messages sent via the Simple MAPI interface are forced to HTML * Calendar: Invitations can't be printed * Mailing list (group) not accessible from macOS or Outlook address book * Clicking on links with references/anchors where target doesn't exist in the message not opening in external browser

Patchnames: openSUSE-2017-694

CVE-2017-5470

7.3 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-5472

7.3 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7749

7.3 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7750

7.3 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7751

7.3 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7752

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7754

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7756

7.3 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7757

7.3 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7758

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7763

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7764

4.2 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7765

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7771

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7772

7.3 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7773

7.3 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7774

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7775

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7776

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7777

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7778

7.3 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64	—	Vendor Fix

Threats

Impact important

References

164 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://bugzilla.suse.com/1040105	self
https://bugzilla.suse.com/1042090	self
https://bugzilla.suse.com/1043960	self
https://bugzilla.suse.com/1273265	self
https://bugzilla.suse.com/1355039	self
https://bugzilla.suse.com/1356558	self
https://bugzilla.suse.com/1356824	self
https://bugzilla.suse.com/1357090	self
https://bugzilla.suse.com/1359547	self
https://bugzilla.suse.com/1360309	self
https://bugzilla.suse.com/1363396	self
https://bugzilla.suse.com/1364283	self
https://bugzilla.suse.com/1365602	self
https://bugzilla.suse.com/1366595	self
https://bugzilla.suse.com/1368490	self
https://www.suse.com/security/cve/CVE-2017-5470/	self
https://www.suse.com/security/cve/CVE-2017-5472/	self
https://www.suse.com/security/cve/CVE-2017-7749/	self
https://www.suse.com/security/cve/CVE-2017-7750/	self
https://www.suse.com/security/cve/CVE-2017-7751/	self
https://www.suse.com/security/cve/CVE-2017-7752/	self
https://www.suse.com/security/cve/CVE-2017-7754/	self
https://www.suse.com/security/cve/CVE-2017-7756/	self
https://www.suse.com/security/cve/CVE-2017-7757/	self
https://www.suse.com/security/cve/CVE-2017-7758/	self
https://www.suse.com/security/cve/CVE-2017-7763/	self
https://www.suse.com/security/cve/CVE-2017-7764/	self
https://www.suse.com/security/cve/CVE-2017-7765/	self
https://www.suse.com/security/cve/CVE-2017-7771/	self
https://www.suse.com/security/cve/CVE-2017-7772/	self
https://www.suse.com/security/cve/CVE-2017-7773/	self
https://www.suse.com/security/cve/CVE-2017-7774/	self
https://www.suse.com/security/cve/CVE-2017-7775/	self
https://www.suse.com/security/cve/CVE-2017-7776/	self
https://www.suse.com/security/cve/CVE-2017-7777/	self
https://www.suse.com/security/cve/CVE-2017-7778/	self
https://www.suse.com/security/cve/CVE-2017-5470	external
https://bugzilla.suse.com/1043960	external
https://bugzilla.suse.com/1044239	external
https://bugzilla.suse.com/1044240	external
https://bugzilla.suse.com/1044241	external
https://bugzilla.suse.com/1044242	external
https://www.suse.com/security/cve/CVE-2017-5472	external
https://bugzilla.suse.com/1043960	external
https://bugzilla.suse.com/1044239	external
https://bugzilla.suse.com/1044240	external
https://bugzilla.suse.com/1044241	external
https://bugzilla.suse.com/1044242	external
https://www.suse.com/security/cve/CVE-2017-7749	external
https://bugzilla.suse.com/1043960	external
https://bugzilla.suse.com/1044239	external
https://bugzilla.suse.com/1044240	external
https://bugzilla.suse.com/1044241	external
https://bugzilla.suse.com/1044242	external
https://www.suse.com/security/cve/CVE-2017-7750	external
https://bugzilla.suse.com/1043960	external
https://bugzilla.suse.com/1044239	external
https://bugzilla.suse.com/1044240	external
https://bugzilla.suse.com/1044241	external
https://bugzilla.suse.com/1044242	external
https://www.suse.com/security/cve/CVE-2017-7751	external
https://bugzilla.suse.com/1043960	external
https://bugzilla.suse.com/1044239	external
https://bugzilla.suse.com/1044240	external
https://bugzilla.suse.com/1044241	external
https://bugzilla.suse.com/1044242	external
https://www.suse.com/security/cve/CVE-2017-7752	external
https://bugzilla.suse.com/1043960	external
https://bugzilla.suse.com/1044239	external
https://bugzilla.suse.com/1044240	external
https://bugzilla.suse.com/1044241	external
https://bugzilla.suse.com/1044242	external
https://www.suse.com/security/cve/CVE-2017-7754	external
https://bugzilla.suse.com/1043960	external
https://bugzilla.suse.com/1044239	external
https://bugzilla.suse.com/1044240	external
https://bugzilla.suse.com/1044241	external
https://bugzilla.suse.com/1044242	external
https://www.suse.com/security/cve/CVE-2017-7756	external
https://bugzilla.suse.com/1043960	external
https://bugzilla.suse.com/1044239	external
https://bugzilla.suse.com/1044240	external
https://bugzilla.suse.com/1044241	external
https://bugzilla.suse.com/1044242	external
https://www.suse.com/security/cve/CVE-2017-7757	external
https://bugzilla.suse.com/1043960	external
https://bugzilla.suse.com/1044239	external
https://bugzilla.suse.com/1044240	external
https://bugzilla.suse.com/1044241	external
https://bugzilla.suse.com/1044242	external
https://www.suse.com/security/cve/CVE-2017-7758	external
https://bugzilla.suse.com/1043960	external
https://bugzilla.suse.com/1044239	external
https://bugzilla.suse.com/1044240	external
https://bugzilla.suse.com/1044241	external
https://bugzilla.suse.com/1044242	external
https://www.suse.com/security/cve/CVE-2017-7763	external
https://bugzilla.suse.com/1043960	external
https://bugzilla.suse.com/1044239	external
https://bugzilla.suse.com/1044240	external
https://bugzilla.suse.com/1044241	external
https://bugzilla.suse.com/1044242	external
https://www.suse.com/security/cve/CVE-2017-7764	external
https://bugzilla.suse.com/1043960	external
https://bugzilla.suse.com/1044239	external
https://bugzilla.suse.com/1044240	external
https://bugzilla.suse.com/1044241	external
https://bugzilla.suse.com/1044242	external
https://www.suse.com/security/cve/CVE-2017-7765	external
https://bugzilla.suse.com/1043960	external
https://bugzilla.suse.com/1044239	external
https://bugzilla.suse.com/1044240	external
https://bugzilla.suse.com/1044241	external
https://bugzilla.suse.com/1044242	external
https://www.suse.com/security/cve/CVE-2017-7771	external
https://bugzilla.suse.com/1043960	external
https://bugzilla.suse.com/1044239	external
https://bugzilla.suse.com/1044240	external
https://bugzilla.suse.com/1044241	external
https://bugzilla.suse.com/1044242	external
https://www.suse.com/security/cve/CVE-2017-7772	external
https://bugzilla.suse.com/1043960	external
https://bugzilla.suse.com/1044239	external
https://bugzilla.suse.com/1044240	external
https://bugzilla.suse.com/1044241	external
https://bugzilla.suse.com/1044242	external
https://www.suse.com/security/cve/CVE-2017-7773	external
https://bugzilla.suse.com/1043960	external
https://bugzilla.suse.com/1044239	external
https://bugzilla.suse.com/1044240	external
https://bugzilla.suse.com/1044241	external
https://bugzilla.suse.com/1044242	external
https://www.suse.com/security/cve/CVE-2017-7774	external
https://bugzilla.suse.com/1043960	external
https://bugzilla.suse.com/1044239	external
https://bugzilla.suse.com/1044240	external
https://bugzilla.suse.com/1044241	external
https://bugzilla.suse.com/1044242	external
https://www.suse.com/security/cve/CVE-2017-7775	external
https://bugzilla.suse.com/1043960	external
https://bugzilla.suse.com/1044239	external
https://bugzilla.suse.com/1044240	external
https://bugzilla.suse.com/1044241	external
https://bugzilla.suse.com/1044242	external
https://www.suse.com/security/cve/CVE-2017-7776	external
https://bugzilla.suse.com/1043960	external
https://bugzilla.suse.com/1044239	external
https://bugzilla.suse.com/1044240	external
https://bugzilla.suse.com/1044241	external
https://bugzilla.suse.com/1044242	external
https://www.suse.com/security/cve/CVE-2017-7777	external
https://bugzilla.suse.com/1043960	external
https://bugzilla.suse.com/1044239	external
https://bugzilla.suse.com/1044240	external
https://bugzilla.suse.com/1044241	external
https://bugzilla.suse.com/1044242	external
https://www.suse.com/security/cve/CVE-2017-7778	external
https://bugzilla.suse.com/1043960	external
https://bugzilla.suse.com/1044239	external
https://bugzilla.suse.com/1044240	external
https://bugzilla.suse.com/1044241	external
https://bugzilla.suse.com/1044242	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for Mozilla Thunderbird",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update to Thunderbird 52.2 fixes security issues and bugs.\n\nThe following vulnerabilities were fixed:\n    \n* CVE-2017-5472: Use-after-free using destroyed node when regenerating trees\n* CVE-2017-7749: Use-after-free during docshell reloading\n* CVE-2017-7750: Use-after-free with track elements\n* CVE-2017-7751: Use-after-free with content viewer listeners\n* CVE-2017-7752: Use-after-free with IME input\n* CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object\n* CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors\n* CVE-2017-7757: Use-after-free in IndexedDB\n* CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772,\n  CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,\n  CVE-2017-7777: Vulnerabilities in the Graphite 2 library\n* CVE-2017-7758: Out-of-bounds read in Opus encoder\n* CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks\n* CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2\n\nMozilla Thunderbird now requires NSS 3.28.5.\n\nThe following bugs were fixed:\n\n* Embedded images not shown in email received from Hotmail/Outlook webmailer\n* Detection of non-ASCII font names in font selector\n* Attachment not forwarded correctly under certain circumstances\n* Multiple requests for master password when GMail OAuth2 is enabled\n* Large number of blank pages being printed under certain circumstances when invalid preferences were present\n* Messages sent via the Simple MAPI interface are forced to HTML\n* Calendar: Invitations can\u0027t be printed\n* Mailing list (group) not accessible from macOS or Outlook address book\n* Clicking on links with references/anchors where target doesn\u0027t exist in the message not opening in external browser\n  ",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2017-694",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2017_1579-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1040105",
        "url": "https://bugzilla.suse.com/1040105"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1042090",
        "url": "https://bugzilla.suse.com/1042090"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1043960",
        "url": "https://bugzilla.suse.com/1043960"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1273265",
        "url": "https://bugzilla.suse.com/1273265"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1355039",
        "url": "https://bugzilla.suse.com/1355039"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1356558",
        "url": "https://bugzilla.suse.com/1356558"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1356824",
        "url": "https://bugzilla.suse.com/1356824"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1357090",
        "url": "https://bugzilla.suse.com/1357090"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1359547",
        "url": "https://bugzilla.suse.com/1359547"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1360309",
        "url": "https://bugzilla.suse.com/1360309"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1363396",
        "url": "https://bugzilla.suse.com/1363396"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1364283",
        "url": "https://bugzilla.suse.com/1364283"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1365602",
        "url": "https://bugzilla.suse.com/1365602"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1366595",
        "url": "https://bugzilla.suse.com/1366595"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1368490",
        "url": "https://bugzilla.suse.com/1368490"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-5470 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-5470/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-5472 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-5472/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7749 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7749/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7750 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7750/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7751 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7751/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7752 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7752/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7754 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7754/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7756 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7756/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7757 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7757/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7758 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7758/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7763 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7763/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7764 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7764/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7765 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7765/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7771 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7771/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7772 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7772/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7773 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7773/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7774 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7774/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7775 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7775/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7776 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7776/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7777 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7777/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7778 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7778/"
      }
    ],
    "title": "Security update for Mozilla Thunderbird",
    "tracking": {
      "current_release_date": "2017-06-16T09:03:31Z",
      "generator": {
        "date": "2017-06-16T09:03:31Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2017:1579-1",
      "initial_release_date": "2017-06-16T09:03:31Z",
      "revision_history": [
        {
          "date": "2017-06-16T09:03:31Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-52.2-36.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-52.2-36.1.x86_64",
                  "product_id": "MozillaThunderbird-52.2-36.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
                  "product_id": "MozillaThunderbird-buildsymbols-52.2-36.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-devel-52.2-36.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-devel-52.2-36.1.x86_64",
                  "product_id": "MozillaThunderbird-devel-52.2-36.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-52.2-36.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-translations-common-52.2-36.1.x86_64",
                  "product_id": "MozillaThunderbird-translations-common-52.2-36.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-52.2-36.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-translations-other-52.2-36.1.x86_64",
                  "product_id": "MozillaThunderbird-translations-other-52.2-36.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Package Hub 12",
                "product": {
                  "name": "SUSE Package Hub 12",
                  "product_id": "SUSE Package Hub 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:packagehub:12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-52.2-36.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-52.2-36.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-buildsymbols-52.2-36.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-devel-52.2-36.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-devel-52.2-36.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-52.2-36.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-translations-common-52.2-36.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-52.2-36.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-translations-other-52.2-36.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-5470",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-5470"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-5470",
          "url": "https://www.suse.com/security/cve/CVE-2017-5470"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1043960 for CVE-2017-5470",
          "url": "https://bugzilla.suse.com/1043960"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044239 for CVE-2017-5470",
          "url": "https://bugzilla.suse.com/1044239"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044240 for CVE-2017-5470",
          "url": "https://bugzilla.suse.com/1044240"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044241 for CVE-2017-5470",
          "url": "https://bugzilla.suse.com/1044241"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044242 for CVE-2017-5470",
          "url": "https://bugzilla.suse.com/1044242"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-06-16T09:03:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-5470"
    },
    {
      "cve": "CVE-2017-5472",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-5472"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-5472",
          "url": "https://www.suse.com/security/cve/CVE-2017-5472"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1043960 for CVE-2017-5472",
          "url": "https://bugzilla.suse.com/1043960"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044239 for CVE-2017-5472",
          "url": "https://bugzilla.suse.com/1044239"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044240 for CVE-2017-5472",
          "url": "https://bugzilla.suse.com/1044240"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044241 for CVE-2017-5472",
          "url": "https://bugzilla.suse.com/1044241"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044242 for CVE-2017-5472",
          "url": "https://bugzilla.suse.com/1044242"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-06-16T09:03:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-5472"
    },
    {
      "cve": "CVE-2017-7749",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7749"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7749",
          "url": "https://www.suse.com/security/cve/CVE-2017-7749"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1043960 for CVE-2017-7749",
          "url": "https://bugzilla.suse.com/1043960"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044239 for CVE-2017-7749",
          "url": "https://bugzilla.suse.com/1044239"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044240 for CVE-2017-7749",
          "url": "https://bugzilla.suse.com/1044240"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044241 for CVE-2017-7749",
          "url": "https://bugzilla.suse.com/1044241"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044242 for CVE-2017-7749",
          "url": "https://bugzilla.suse.com/1044242"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-06-16T09:03:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7749"
    },
    {
      "cve": "CVE-2017-7750",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7750"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free vulnerability during video control operations when a \"\u003ctrack\u003e\" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7750",
          "url": "https://www.suse.com/security/cve/CVE-2017-7750"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1043960 for CVE-2017-7750",
          "url": "https://bugzilla.suse.com/1043960"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044239 for CVE-2017-7750",
          "url": "https://bugzilla.suse.com/1044239"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044240 for CVE-2017-7750",
          "url": "https://bugzilla.suse.com/1044240"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044241 for CVE-2017-7750",
          "url": "https://bugzilla.suse.com/1044241"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044242 for CVE-2017-7750",
          "url": "https://bugzilla.suse.com/1044242"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-06-16T09:03:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7750"
    },
    {
      "cve": "CVE-2017-7751",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7751"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7751",
          "url": "https://www.suse.com/security/cve/CVE-2017-7751"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1043960 for CVE-2017-7751",
          "url": "https://bugzilla.suse.com/1043960"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044239 for CVE-2017-7751",
          "url": "https://bugzilla.suse.com/1044239"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044240 for CVE-2017-7751",
          "url": "https://bugzilla.suse.com/1044240"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044241 for CVE-2017-7751",
          "url": "https://bugzilla.suse.com/1044241"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044242 for CVE-2017-7751",
          "url": "https://bugzilla.suse.com/1044242"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-06-16T09:03:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7751"
    },
    {
      "cve": "CVE-2017-7752",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7752"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7752",
          "url": "https://www.suse.com/security/cve/CVE-2017-7752"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1043960 for CVE-2017-7752",
          "url": "https://bugzilla.suse.com/1043960"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044239 for CVE-2017-7752",
          "url": "https://bugzilla.suse.com/1044239"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044240 for CVE-2017-7752",
          "url": "https://bugzilla.suse.com/1044240"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044241 for CVE-2017-7752",
          "url": "https://bugzilla.suse.com/1044241"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044242 for CVE-2017-7752",
          "url": "https://bugzilla.suse.com/1044242"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-06-16T09:03:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7752"
    },
    {
      "cve": "CVE-2017-7754",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7754"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An out-of-bounds read in WebGL with a maliciously crafted \"ImageInfo\" object during WebGL operations. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7754",
          "url": "https://www.suse.com/security/cve/CVE-2017-7754"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1043960 for CVE-2017-7754",
          "url": "https://bugzilla.suse.com/1043960"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044239 for CVE-2017-7754",
          "url": "https://bugzilla.suse.com/1044239"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044240 for CVE-2017-7754",
          "url": "https://bugzilla.suse.com/1044240"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044241 for CVE-2017-7754",
          "url": "https://bugzilla.suse.com/1044241"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044242 for CVE-2017-7754",
          "url": "https://bugzilla.suse.com/1044242"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-06-16T09:03:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7754"
    },
    {
      "cve": "CVE-2017-7756",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7756"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7756",
          "url": "https://www.suse.com/security/cve/CVE-2017-7756"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1043960 for CVE-2017-7756",
          "url": "https://bugzilla.suse.com/1043960"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044239 for CVE-2017-7756",
          "url": "https://bugzilla.suse.com/1044239"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044240 for CVE-2017-7756",
          "url": "https://bugzilla.suse.com/1044240"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044241 for CVE-2017-7756",
          "url": "https://bugzilla.suse.com/1044241"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044242 for CVE-2017-7756",
          "url": "https://bugzilla.suse.com/1044242"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-06-16T09:03:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7756"
    },
    {
      "cve": "CVE-2017-7757",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7757"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7757",
          "url": "https://www.suse.com/security/cve/CVE-2017-7757"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1043960 for CVE-2017-7757",
          "url": "https://bugzilla.suse.com/1043960"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044239 for CVE-2017-7757",
          "url": "https://bugzilla.suse.com/1044239"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044240 for CVE-2017-7757",
          "url": "https://bugzilla.suse.com/1044240"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044241 for CVE-2017-7757",
          "url": "https://bugzilla.suse.com/1044241"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044242 for CVE-2017-7757",
          "url": "https://bugzilla.suse.com/1044242"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-06-16T09:03:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7757"
    },
    {
      "cve": "CVE-2017-7758",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7758"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7758",
          "url": "https://www.suse.com/security/cve/CVE-2017-7758"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1043960 for CVE-2017-7758",
          "url": "https://bugzilla.suse.com/1043960"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044239 for CVE-2017-7758",
          "url": "https://bugzilla.suse.com/1044239"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044240 for CVE-2017-7758",
          "url": "https://bugzilla.suse.com/1044240"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044241 for CVE-2017-7758",
          "url": "https://bugzilla.suse.com/1044241"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044242 for CVE-2017-7758",
          "url": "https://bugzilla.suse.com/1044242"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-06-16T09:03:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7758"
    },
    {
      "cve": "CVE-2017-7763",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7763"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7763",
          "url": "https://www.suse.com/security/cve/CVE-2017-7763"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1043960 for CVE-2017-7763",
          "url": "https://bugzilla.suse.com/1043960"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044239 for CVE-2017-7763",
          "url": "https://bugzilla.suse.com/1044239"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044240 for CVE-2017-7763",
          "url": "https://bugzilla.suse.com/1044240"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044241 for CVE-2017-7763",
          "url": "https://bugzilla.suse.com/1044241"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044242 for CVE-2017-7763",
          "url": "https://bugzilla.suse.com/1044242"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-06-16T09:03:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7763"
    },
    {
      "cve": "CVE-2017-7764",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7764"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Characters from the \"Canadian Syllabics\" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw \"punycode\" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from \"Aspirational Use Scripts\" such as Canadian Syllabics to be mixed with Latin characters in the \"moderately restrictive\" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as \"Limited Use Scripts.\". This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7764",
          "url": "https://www.suse.com/security/cve/CVE-2017-7764"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1043960 for CVE-2017-7764",
          "url": "https://bugzilla.suse.com/1043960"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044239 for CVE-2017-7764",
          "url": "https://bugzilla.suse.com/1044239"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044240 for CVE-2017-7764",
          "url": "https://bugzilla.suse.com/1044240"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044241 for CVE-2017-7764",
          "url": "https://bugzilla.suse.com/1044241"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044242 for CVE-2017-7764",
          "url": "https://bugzilla.suse.com/1044242"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-06-16T09:03:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7764"
    },
    {
      "cve": "CVE-2017-7765",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7765"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The \"Mark of the Web\" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7765",
          "url": "https://www.suse.com/security/cve/CVE-2017-7765"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1043960 for CVE-2017-7765",
          "url": "https://bugzilla.suse.com/1043960"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044239 for CVE-2017-7765",
          "url": "https://bugzilla.suse.com/1044239"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044240 for CVE-2017-7765",
          "url": "https://bugzilla.suse.com/1044240"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044241 for CVE-2017-7765",
          "url": "https://bugzilla.suse.com/1044241"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044242 for CVE-2017-7765",
          "url": "https://bugzilla.suse.com/1044242"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-06-16T09:03:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7765"
    },
    {
      "cve": "CVE-2017-7771",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7771"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7771",
          "url": "https://www.suse.com/security/cve/CVE-2017-7771"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1043960 for CVE-2017-7771",
          "url": "https://bugzilla.suse.com/1043960"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044239 for CVE-2017-7771",
          "url": "https://bugzilla.suse.com/1044239"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044240 for CVE-2017-7771",
          "url": "https://bugzilla.suse.com/1044240"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044241 for CVE-2017-7771",
          "url": "https://bugzilla.suse.com/1044241"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044242 for CVE-2017-7771",
          "url": "https://bugzilla.suse.com/1044242"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-06-16T09:03:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7771"
    },
    {
      "cve": "CVE-2017-7772",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7772"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7772",
          "url": "https://www.suse.com/security/cve/CVE-2017-7772"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1043960 for CVE-2017-7772",
          "url": "https://bugzilla.suse.com/1043960"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044239 for CVE-2017-7772",
          "url": "https://bugzilla.suse.com/1044239"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044240 for CVE-2017-7772",
          "url": "https://bugzilla.suse.com/1044240"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044241 for CVE-2017-7772",
          "url": "https://bugzilla.suse.com/1044241"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044242 for CVE-2017-7772",
          "url": "https://bugzilla.suse.com/1044242"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-06-16T09:03:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7772"
    },
    {
      "cve": "CVE-2017-7773",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7773"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7773",
          "url": "https://www.suse.com/security/cve/CVE-2017-7773"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1043960 for CVE-2017-7773",
          "url": "https://bugzilla.suse.com/1043960"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044239 for CVE-2017-7773",
          "url": "https://bugzilla.suse.com/1044239"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044240 for CVE-2017-7773",
          "url": "https://bugzilla.suse.com/1044240"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044241 for CVE-2017-7773",
          "url": "https://bugzilla.suse.com/1044241"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044242 for CVE-2017-7773",
          "url": "https://bugzilla.suse.com/1044242"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-06-16T09:03:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7773"
    },
    {
      "cve": "CVE-2017-7774",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7774"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7774",
          "url": "https://www.suse.com/security/cve/CVE-2017-7774"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1043960 for CVE-2017-7774",
          "url": "https://bugzilla.suse.com/1043960"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044239 for CVE-2017-7774",
          "url": "https://bugzilla.suse.com/1044239"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044240 for CVE-2017-7774",
          "url": "https://bugzilla.suse.com/1044240"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044241 for CVE-2017-7774",
          "url": "https://bugzilla.suse.com/1044241"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044242 for CVE-2017-7774",
          "url": "https://bugzilla.suse.com/1044242"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-06-16T09:03:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7774"
    },
    {
      "cve": "CVE-2017-7775",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7775"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7775",
          "url": "https://www.suse.com/security/cve/CVE-2017-7775"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1043960 for CVE-2017-7775",
          "url": "https://bugzilla.suse.com/1043960"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044239 for CVE-2017-7775",
          "url": "https://bugzilla.suse.com/1044239"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044240 for CVE-2017-7775",
          "url": "https://bugzilla.suse.com/1044240"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044241 for CVE-2017-7775",
          "url": "https://bugzilla.suse.com/1044241"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044242 for CVE-2017-7775",
          "url": "https://bugzilla.suse.com/1044242"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-06-16T09:03:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7775"
    },
    {
      "cve": "CVE-2017-7776",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7776"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7776",
          "url": "https://www.suse.com/security/cve/CVE-2017-7776"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1043960 for CVE-2017-7776",
          "url": "https://bugzilla.suse.com/1043960"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044239 for CVE-2017-7776",
          "url": "https://bugzilla.suse.com/1044239"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044240 for CVE-2017-7776",
          "url": "https://bugzilla.suse.com/1044240"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044241 for CVE-2017-7776",
          "url": "https://bugzilla.suse.com/1044241"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044242 for CVE-2017-7776",
          "url": "https://bugzilla.suse.com/1044242"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-06-16T09:03:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7776"
    },
    {
      "cve": "CVE-2017-7777",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7777"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7777",
          "url": "https://www.suse.com/security/cve/CVE-2017-7777"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1043960 for CVE-2017-7777",
          "url": "https://bugzilla.suse.com/1043960"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044239 for CVE-2017-7777",
          "url": "https://bugzilla.suse.com/1044239"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044240 for CVE-2017-7777",
          "url": "https://bugzilla.suse.com/1044240"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044241 for CVE-2017-7777",
          "url": "https://bugzilla.suse.com/1044241"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044242 for CVE-2017-7777",
          "url": "https://bugzilla.suse.com/1044242"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-06-16T09:03:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7777"
    },
    {
      "cve": "CVE-2017-7778",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7778"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7778",
          "url": "https://www.suse.com/security/cve/CVE-2017-7778"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1043960 for CVE-2017-7778",
          "url": "https://bugzilla.suse.com/1043960"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044239 for CVE-2017-7778",
          "url": "https://bugzilla.suse.com/1044239"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044240 for CVE-2017-7778",
          "url": "https://bugzilla.suse.com/1044240"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044241 for CVE-2017-7778",
          "url": "https://bugzilla.suse.com/1044241"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044242 for CVE-2017-7778",
          "url": "https://bugzilla.suse.com/1044242"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-06-16T09:03:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7778"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-7778 (GCVE-0-2017-7778)

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature