Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-5156 (GCVE-0-2018-5156)
Vulnerability from cvelistv5 – Published: 2018-10-18 13:00 – Updated: 2024-08-05 05:26
VLAI
EPSS
Summary
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Severity
No CVSS data available.
CWE
- Media recorder segmentation fault when track type is changed during capture
Assigner
References
16 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Thunderbird |
Affected:
unspecified , < 60
(custom)
|
|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 60.1
(custom)
Affected: unspecified , < 52.9 (custom) |
|
| Mozilla | Firefox |
Affected:
unspecified , < 61
(custom)
|
Date Public
2018-06-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:46.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201810-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
},
{
"name": "RHSA-2018:2112",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2112"
},
{
"name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html"
},
{
"name": "GLSA-201811-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1453127"
},
{
"name": "DSA-4235",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4235"
},
{
"name": "DSA-4295",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4295"
},
{
"name": "RHSA-2018:2113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
},
{
"name": "104560",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104560"
},
{
"name": "1041193",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041193"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-17/"
},
{
"name": "USN-3705-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3705-1/"
},
{
"name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "60",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "60.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "52.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "61",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-06-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Media recorder segmentation fault when track type is changed during capture",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-25T10:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "GLSA-201810-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
},
{
"name": "RHSA-2018:2112",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2112"
},
{
"name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html"
},
{
"name": "GLSA-201811-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1453127"
},
{
"name": "DSA-4235",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4235"
},
{
"name": "DSA-4295",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4295"
},
{
"name": "RHSA-2018:2113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
},
{
"name": "104560",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104560"
},
{
"name": "1041193",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041193"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-17/"
},
{
"name": "USN-3705-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3705-1/"
},
{
"name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "60"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "60.1"
},
{
"version_affected": "\u003c",
"version_value": "52.9"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "61"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Media recorder segmentation fault when track type is changed during capture"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201810-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-15/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
},
{
"name": "RHSA-2018:2112",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2112"
},
{
"name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html"
},
{
"name": "GLSA-201811-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1453127",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1453127"
},
{
"name": "DSA-4235",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4235"
},
{
"name": "DSA-4295",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4295"
},
{
"name": "RHSA-2018:2113",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2113"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-16/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
},
{
"name": "104560",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104560"
},
{
"name": "1041193",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041193"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-19/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-17/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-17/"
},
{
"name": "USN-3705-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3705-1/"
},
{
"name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-5156",
"datePublished": "2018-10-18T13:00:00.000Z",
"dateReserved": "2018-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:26:46.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-5156",
"date": "2026-05-27",
"epss": "0.02953",
"percentile": "0.8666"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-5156\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2018-10-18T13:29:06.557\",\"lastModified\":\"2025-11-25T17:50:16.803\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.\"},{\"lang\":\"es\",\"value\":\"Puede ocurrir una vulnerabilidad al capturar una transmisi\u00f3n de medios cuando el tipo de origen de medios se cambia al mismo tiempo que se realiza la captura. Esto puede resultar en que los datos de transmisi\u00f3n se env\u00edan al tipo err\u00f3neo, lo que provoca un cierre inesperado potencialmente explotable. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 60, Firefox ESR en versiones anteriores a la 60.1, Firefox en versiones anteriores a la 52.1 y Firefox en versiones anteriores a la 61.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B353CE99-D57C-465B-AAB0-73EF581127D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF77CDCF-B9C9-427D-B2BF-36650FB2148C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9070C9D8-A14A-467F-8253-33B966C16886\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"52.9.0\",\"matchCriteriaId\":\"B0C0F6C3-BDAA-407A-8FA4-7F2566549D46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"61.0\",\"matchCriteriaId\":\"2F47E7EA-86AF-46A8-8E17-3360A8AE8492\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"52.9.1\",\"versionEndExcluding\":\"60.1.0\",\"matchCriteriaId\":\"33A41AE9-F936-40FE-9A9E-61E628712ECE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"60.0\",\"matchCriteriaId\":\"0FBD136C-202C-430B-876E-9D10972AA6C4\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/104560\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041193\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2112\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2113\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1453127\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201810-01\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201811-13\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3705-1/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4235\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4295\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-15/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-16/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-17/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-19/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104560\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041193\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2112\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2113\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1453127\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201810-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201811-13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3705-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4235\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4295\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-15/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-16/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-17/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-19/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
BDU:2019-00508
Vulnerability from fstec - Published: 18.10.2018
VLAI
Title
Уязвимость механизма записи потока мультимедиа веб-браузеров Firefox, Firefox ESR и программы для работы с электронной почтой Thunderbird, связанная с некорректной проверкой типа источника данных, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость механизма записи потока мультимедиа веб-браузеров Firefox, Firefox ESR и программы для работы с электронной почтой Thunderbird связана с приведением потоковых данных к некорректному типу. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании путем изменения типа источника мультимедиа во время записи
Severity
Vendor
Canonical Ltd., Red Hat Inc., АО «ИВК», Сообщество свободного программного обеспечения, Novell Inc., ООО «РусБИТех-Астра», Mozilla Corp.
Software Name
Ubuntu, Red Hat Enterprise Linux, Альт Линукс СПТ (запись в едином реестре российских программ №9), Debian GNU/Linux, OpenSUSE Leap, Astra Linux Special Edition (запись в едином реестре российских программ №369), Firefox ESR, Thunderbird, SUSE Linux Enterprise, SUSE Enterprise Storage, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Software Development Kit, SUSE OpenStack Cloud, Suse Linux Enterprise Server, Альт 8 СП Сервер, Альт 8 СП Рабочая станция, SUSE Linux Enterprise Module for Desktop Applications, SUSE Linux Enterprise Point of Sale, SUSE Linux Enterprise Workstation Extension, SUSE Package Hub for SUSE Linux Enterprise, Firefox, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156)
Software Version
14.04 LTS (Ubuntu), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 7.0 (Альт Линукс СПТ), 9 (Debian GNU/Linux), 42.3 (OpenSUSE Leap), 17.10 (Ubuntu), 18.04 LTS (Ubuntu), 1.6 «Смоленск» (Astra Linux Special Edition), до 52.9.0 (Firefox ESR), от 52.9.1 до 60.1.0 (Firefox ESR), до 60.0 (Thunderbird), 12 SP3 (SUSE Linux Enterprise), 12 SP4 (SUSE Linux Enterprise), 4 (SUSE Enterprise Storage), 12 SP2 (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-BCL (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-ESPOS (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Software Development Kit), 12 SP4 (SUSE Linux Enterprise Software Development Kit), 7 (SUSE OpenStack Cloud), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 11 SP4 (Suse Linux Enterprise Server), 11 SP4 (SUSE Linux Enterprise Software Development Kit), - (Альт 8 СП Сервер), - (Альт 8 СП Рабочая станция), 15.0 (OpenSUSE Leap), 15 (SUSE Linux Enterprise Module for Desktop Applications), 15 SP1 (SUSE Linux Enterprise Module for Desktop Applications), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP2-ESPOS (Suse Linux Enterprise Server), 11 SP3 (SUSE Linux Enterprise Point of Sale), 12-LTSS (Suse Linux Enterprise Server), 11 SP3-LTSS (SUSE Linux Enterprise Server for SAP Applications), 11 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP1 (SUSE Linux Enterprise Server for SAP Applications), 12 SP1-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12-LTSS (SUSE Linux Enterprise Server for SAP Applications), 15 (SUSE Linux Enterprise Workstation Extension), 15 SP1 (SUSE Linux Enterprise Workstation Extension), 12 SP1-LTSS (Suse Linux Enterprise Server), 12 SP2-LTSS (Suse Linux Enterprise Server), 8 (Debian GNU/Linux), 11 SP3-LTSS (Suse Linux Enterprise Server), 12 (SUSE Package Hub for SUSE Linux Enterprise), 12 SP2-CLIEN (SUSE Linux Enterprise Point of Sale), до 61 (Firefox), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»)
Possible Mitigations
Для Firefox:
Обновление программного обеспечения до 61.0 или более поздней версии
Для Firefox ESR:
Обновление программного обеспечения до 60.1.0 или более поздней версии
Для Thunderbird:
Обновление программного обеспечения до 60.0 или более поздней версии
Для Astra Linux - обновление:
пакета firefox до 61.0-1 или более поздней версии;
пакета firefox-esr до 52.9.0esr-1~deb8u1 или более поздней версии;
пакета thunderbird до 1:60.3.0-1~deb8u1 или более поздней версии
Для Ubuntu:
https://usn.ubuntu.com/3705-1/
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2018-5156/
Для Debian GNU/Linux:
https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html
https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
Для Альт Линукс СПТ:
https://cve.basealt.ru/otchet-po-obnovleniiam-ot-24042019.html
Для Альт 8 СП Сервер и Альт 8 СП Рабочая станция:
http://altsp.su/obnovleniya-bezopasnosti/
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2018-5156
Reference
https://cve.basealt.ru/otchet-po-obnovleniiam-ot-24042019.html
https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-16/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/
https://usn.ubuntu.com/3705-1/
https://www.suse.com/security/cve/CVE-2018-5156/
https://cve.basealt.ru/otchet-po-obnovleniiam-ot-24042019.html
http://altsp.su/obnovleniya-bezopasnosti/
https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html
https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
https://www.debian.org/security/2018/dsa-4295
https://www.debian.org/security/2018/dsa-4235
https://access.redhat.com/security/cve/cve-2018-5156
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81
CWE
CWE-20
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., Red Hat Inc., \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Mozilla Corp.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "14.04 LTS (Ubuntu), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 7.0 (\u0410\u043b\u044c\u0442 \u041b\u0438\u043d\u0443\u043a\u0441 \u0421\u041f\u0422), 9 (Debian GNU/Linux), 42.3 (OpenSUSE Leap), 17.10 (Ubuntu), 18.04 LTS (Ubuntu), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), \u0434\u043e 52.9.0 (Firefox ESR), \u043e\u0442 52.9.1 \u0434\u043e 60.1.0 (Firefox ESR), \u0434\u043e 60.0 (Thunderbird), 12 SP3 (SUSE Linux Enterprise), 12 SP4 (SUSE Linux Enterprise), 4 (SUSE Enterprise Storage), 12 SP2 (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-BCL (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-ESPOS (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Software Development Kit), 12 SP4 (SUSE Linux Enterprise Software Development Kit), 7 (SUSE OpenStack Cloud), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 11 SP4 (Suse Linux Enterprise Server), 11 SP4 (SUSE Linux Enterprise Software Development Kit), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f \u0421\u0435\u0440\u0432\u0435\u0440), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f \u0420\u0430\u0431\u043e\u0447\u0430\u044f \u0441\u0442\u0430\u043d\u0446\u0438\u044f), 15.0 (OpenSUSE Leap), 15 (SUSE Linux Enterprise Module for Desktop Applications), 15 SP1 (SUSE Linux Enterprise Module for Desktop Applications), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP2-ESPOS (Suse Linux Enterprise Server), 11 SP3 (SUSE Linux Enterprise Point of Sale), 12-LTSS (Suse Linux Enterprise Server), 11 SP3-LTSS (SUSE Linux Enterprise Server for SAP Applications), 11 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP1 (SUSE Linux Enterprise Server for SAP Applications), 12 SP1-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12-LTSS (SUSE Linux Enterprise Server for SAP Applications), 15 (SUSE Linux Enterprise Workstation Extension), 15 SP1 (SUSE Linux Enterprise Workstation Extension), 12 SP1-LTSS (Suse Linux Enterprise Server), 12 SP2-LTSS (Suse Linux Enterprise Server), 8 (Debian GNU/Linux), 11 SP3-LTSS (Suse Linux Enterprise Server), 12 (SUSE Package Hub for SUSE Linux Enterprise), 12 SP2-CLIEN (SUSE Linux Enterprise Point of Sale), \u0434\u043e 61 (Firefox), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Firefox:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 61.0 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Firefox ESR:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 60.1.0 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Thunderbird:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 60.0 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Astra Linux - \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435:\n\u043f\u0430\u043a\u0435\u0442\u0430 firefox \u0434\u043e 61.0-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438; \n\u043f\u0430\u043a\u0435\u0442\u0430 firefox-esr \u0434\u043e 52.9.0esr-1~deb8u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438; \n\u043f\u0430\u043a\u0435\u0442\u0430 thunderbird \u0434\u043e 1:60.3.0-1~deb8u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/3705-1/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2018-5156/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://lists.debian.org/debian-lts-announce/2018/06/msg00014.html\nhttps://lists.debian.org/debian-lts-announce/2018/11/msg00011.html\n\n\u0414\u043b\u044f \u0410\u043b\u044c\u0442 \u041b\u0438\u043d\u0443\u043a\u0441 \u0421\u041f\u0422:\nhttps://cve.basealt.ru/otchet-po-obnovleniiam-ot-24042019.html\n\n\u0414\u043b\u044f \u0410\u043b\u044c\u0442 8 \u0421\u041f \u0421\u0435\u0440\u0432\u0435\u0440 \u0438 \u0410\u043b\u044c\u0442 8 \u0421\u041f \u0420\u0430\u0431\u043e\u0447\u0430\u044f \u0441\u0442\u0430\u043d\u0446\u0438\u044f:\nhttp://altsp.su/obnovleniya-bezopasnosti/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2018-5156",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "18.10.2018",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "01.12.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "07.02.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-00508",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-5156",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Red Hat Enterprise Linux, \u0410\u043b\u044c\u0442 \u041b\u0438\u043d\u0443\u043a\u0441 \u0421\u041f\u0422 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21169), Debian GNU/Linux, OpenSUSE Leap, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Firefox ESR, Thunderbird, SUSE Linux Enterprise, SUSE Enterprise Storage, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Software Development Kit, SUSE OpenStack Cloud, Suse Linux Enterprise Server, \u0410\u043b\u044c\u0442 8 \u0421\u041f \u0421\u0435\u0440\u0432\u0435\u0440, \u0410\u043b\u044c\u0442 8 \u0421\u041f \u0420\u0430\u0431\u043e\u0447\u0430\u044f \u0441\u0442\u0430\u043d\u0446\u0438\u044f, SUSE Linux Enterprise Module for Desktop Applications, SUSE Linux Enterprise Point of Sale, SUSE Linux Enterprise Workstation Extension, SUSE Package Hub for SUSE Linux Enterprise, Firefox, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 14.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , Canonical Ltd. Ubuntu 16.04 LTS , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 \u041b\u0438\u043d\u0443\u043a\u0441 \u0421\u041f\u0422 7.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21169), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Novell Inc. OpenSUSE Leap 42.3 , Canonical Ltd. Ubuntu 17.10 , Canonical Ltd. Ubuntu 18.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. SUSE Linux Enterprise 12 SP3 , Novell Inc. SUSE Linux Enterprise 12 SP4 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-BCL , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-ESPOS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-LTSS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3 , Novell Inc. Suse Linux Enterprise Server 12 SP3 , Novell Inc. Suse Linux Enterprise Server 12 SP4 , Novell Inc. Suse Linux Enterprise Server 11 SP4 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f \u0421\u0435\u0440\u0432\u0435\u0440 - , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f \u0420\u0430\u0431\u043e\u0447\u0430\u044f \u0441\u0442\u0430\u043d\u0446\u0438\u044f - , Novell Inc. OpenSUSE Leap 15.0 , Novell Inc. Suse Linux Enterprise Server 12 SP2-BCL , Novell Inc. Suse Linux Enterprise Server 12 SP2-ESPOS , Novell Inc. Suse Linux Enterprise Server 12-LTSS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 11 SP3-LTSS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 11 SP4 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP1 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP1-LTSS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP1-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP2-LTSS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , Novell Inc. Suse Linux Enterprise Server 11 SP3-LTSS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0437\u0430\u043f\u0438\u0441\u0438 \u043f\u043e\u0442\u043e\u043a\u0430 \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0430 \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox, Firefox ESR \u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u043e\u0439 Thunderbird, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0442\u0438\u043f\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0430 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0437\u0430\u043f\u0438\u0441\u0438 \u043f\u043e\u0442\u043e\u043a\u0430 \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0430 \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox, Firefox ESR \u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u043e\u0439 Thunderbird \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u043d\u0438\u0435\u043c \u043f\u043e\u0442\u043e\u043a\u043e\u0432\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u043a \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u043c\u0443 \u0442\u0438\u043f\u0443. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u043f\u0443\u0442\u0435\u043c \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0442\u0438\u043f\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0430 \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0430 \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0437\u0430\u043f\u0438\u0441\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cve.basealt.ru/otchet-po-obnovleniiam-ot-24042019.html\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-19/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-16/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-17/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-15/\nhttps://usn.ubuntu.com/3705-1/\nhttps://www.suse.com/security/cve/CVE-2018-5156/\nhttps://cve.basealt.ru/otchet-po-obnovleniiam-ot-24042019.html\nhttp://altsp.su/obnovleniya-bezopasnosti/\nhttps://lists.debian.org/debian-lts-announce/2018/06/msg00014.html\nhttps://lists.debian.org/debian-lts-announce/2018/11/msg00011.html\nhttps://www.debian.org/security/2018/dsa-4295\nhttps://www.debian.org/security/2018/dsa-4235\nhttps://access.redhat.com/security/cve/cve-2018-5156\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}
CERTFR-2018-AVI-309
Vulnerability from certfr_avis - Published: 2018-06-27 - Updated: 2018-06-27
De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox toutes versions ant\u00e9rieures \u00e0 61",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR toutes versions ant\u00e9rieures \u00e0 52.9",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR toutes versions ant\u00e9rieures \u00e0 60.1",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-12367",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12367"
},
{
"name": "CVE-2018-12371",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12371"
},
{
"name": "CVE-2018-5186",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5186"
},
{
"name": "CVE-2018-12362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12362"
},
{
"name": "CVE-2018-12359",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12359"
},
{
"name": "CVE-2018-12361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12361"
},
{
"name": "CVE-2018-12358",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12358"
},
{
"name": "CVE-2018-12360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12360"
},
{
"name": "CVE-2018-5187",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5187"
},
{
"name": "CVE-2018-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5156"
},
{
"name": "CVE-2018-12370",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12370"
},
{
"name": "CVE-2018-12364",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12364"
},
{
"name": "CVE-2018-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5188"
},
{
"name": "CVE-2018-12363",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12363"
},
{
"name": "CVE-2018-12368",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12368"
},
{
"name": "CVE-2018-12365",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12365"
},
{
"name": "CVE-2018-12366",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12366"
},
{
"name": "CVE-2018-12369",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12369"
}
],
"initial_release_date": "2018-06-27T00:00:00",
"last_revision_date": "2018-06-27T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-309",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-06-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-17 du 26 juin 2018",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-16 du 26 juin 2018",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-16/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-15 du 26 juin 2018",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/"
}
]
}
CERTFR-2018-AVI-373
Vulnerability from certfr_avis - Published: 2018-08-07 - Updated: 2018-08-07
De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Thunderbird | Mozilla Thunderbird versions antérieures à 60 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mozilla Thunderbird versions ant\u00e9rieures \u00e0 60",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-12367",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12367"
},
{
"name": "CVE-2018-12371",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12371"
},
{
"name": "CVE-2018-12362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12362"
},
{
"name": "CVE-2018-12359",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12359"
},
{
"name": "CVE-2018-12361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12361"
},
{
"name": "CVE-2018-12360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12360"
},
{
"name": "CVE-2018-5187",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5187"
},
{
"name": "CVE-2018-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5156"
},
{
"name": "CVE-2018-12364",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12364"
},
{
"name": "CVE-2018-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5188"
},
{
"name": "CVE-2018-12363",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12363"
},
{
"name": "CVE-2018-12368",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12368"
},
{
"name": "CVE-2018-12365",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12365"
},
{
"name": "CVE-2018-12366",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12366"
}
],
"initial_release_date": "2018-08-07T00:00:00",
"last_revision_date": "2018-08-07T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-373",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-08-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-19 du 06 ao\u00fbt 2018",
"url": "http://www.mozilla.org/en-US/security/advisories/mfsa2018-19/"
}
]
}
CNVD-2018-14985
Vulnerability from cnvd - Published: 2018-08-10
VLAI
Title
Mozilla Firefox和Firefox ESR拒绝服务漏洞(CNVD-2018-14985)
Description
Mozilla Firefox和Firefox ESR都是美国Mozilla基金会开发的浏览器产品。Firefox是一款开源Web浏览器;Firefox ESR是Firefox的一个延长支持版本。
Mozilla Firefox 61之前版本、Firefox ESR 52.9之前版本和60.1之前版本中存在安全漏洞。远程攻击者可利用该漏洞造成拒绝服务(段错误和崩溃)。
Severity
中
Patch Name
Mozilla Firefox和Firefox ESR拒绝服务漏洞(CNVD-2018-14985)的补丁
Patch Description
Mozilla Firefox和Firefox ESR都是美国Mozilla基金会开发的浏览器产品。Firefox是一款开源Web浏览器;Firefox ESR是Firefox的一个延长支持版本。
Mozilla Firefox 61之前版本、Firefox ESR 52.9之前版本和60.1之前版本中存在安全漏洞。远程攻击者可利用该漏洞造成拒绝服务(段错误和崩溃)。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布漏洞修复程序,请及时关注更新: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/
Reference
https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/
Impacted products
| Name | ['Mozilla Firefox <61', 'Mozilla Firefox ESR <52.9', 'Mozilla Firefox ESR <60.1'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-5156"
}
},
"description": "Mozilla Firefox\u548cFirefox ESR\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u5f00\u53d1\u7684\u6d4f\u89c8\u5668\u4ea7\u54c1\u3002Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\uff1bFirefox ESR\u662fFirefox\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\n\r\nMozilla Firefox 61\u4e4b\u524d\u7248\u672c\u3001Firefox ESR 52.9\u4e4b\u524d\u7248\u672c\u548c60.1\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u6bb5\u9519\u8bef\u548c\u5d29\u6e83\uff09\u3002",
"discovererName": "Nils",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-15/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-14985",
"openTime": "2018-08-10",
"patchDescription": "Mozilla Firefox\u548cFirefox ESR\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u5f00\u53d1\u7684\u6d4f\u89c8\u5668\u4ea7\u54c1\u3002Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\uff1bFirefox ESR\u662fFirefox\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\n\r\nMozilla Firefox 61\u4e4b\u524d\u7248\u672c\u3001Firefox ESR 52.9\u4e4b\u524d\u7248\u672c\u548c60.1\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u6bb5\u9519\u8bef\u548c\u5d29\u6e83\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Mozilla Firefox\u548cFirefox ESR\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2018-14985\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Mozilla Firefox \u003c61",
"Mozilla Firefox ESR \u003c52.9",
"Mozilla Firefox ESR \u003c60.1"
]
},
"referenceLink": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/",
"serverity": "\u4e2d",
"submitTime": "2018-06-27",
"title": "Mozilla Firefox\u548cFirefox ESR\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2018-14985\uff09"
}
FKIE_CVE-2018-5156
Vulnerability from fkie_nvd - Published: 2018-10-18 13:29 - Updated: 2025-11-25 17:50
Severity
Summary
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_aus | 7.6 | |
| redhat | enterprise_linux_server_eus | 7.5 | |
| redhat | enterprise_linux_server_eus | 7.6 | |
| redhat | enterprise_linux_server_tus | 7.6 | |
| redhat | enterprise_linux_workstation | 6.0 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 17.10 | |
| canonical | ubuntu_linux | 18.04 | |
| mozilla | firefox | * | |
| mozilla | firefox | * | |
| mozilla | firefox | * | |
| mozilla | thunderbird | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C0F6C3-BDAA-407A-8FA4-7F2566549D46",
"versionEndExcluding": "52.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F47E7EA-86AF-46A8-8E17-3360A8AE8492",
"versionEndExcluding": "61.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33A41AE9-F936-40FE-9A9E-61E628712ECE",
"versionEndExcluding": "60.1.0",
"versionStartIncluding": "52.9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FBD136C-202C-430B-876E-9D10972AA6C4",
"versionEndExcluding": "60.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61."
},
{
"lang": "es",
"value": "Puede ocurrir una vulnerabilidad al capturar una transmisi\u00f3n de medios cuando el tipo de origen de medios se cambia al mismo tiempo que se realiza la captura. Esto puede resultar en que los datos de transmisi\u00f3n se env\u00edan al tipo err\u00f3neo, lo que provoca un cierre inesperado potencialmente explotable. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 60, Firefox ESR en versiones anteriores a la 60.1, Firefox en versiones anteriores a la 52.1 y Firefox en versiones anteriores a la 61."
}
],
"id": "CVE-2018-5156",
"lastModified": "2025-11-25T17:50:16.803",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-18T13:29:06.557",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104560"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041193"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2112"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2113"
},
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1453127"
},
{
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3705-1/"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4235"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4295"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-17/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104560"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1453127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3705-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4295"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-17/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-X98G-G264-XXPX
Vulnerability from github – Published: 2022-05-14 01:52 – Updated: 2024-10-21 15:32
VLAI
Details
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Severity
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2018-5156"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-18T13:29:00Z",
"severity": "CRITICAL"
},
"details": "A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"id": "GHSA-x98g-g264-xxpx",
"modified": "2024-10-21T15:32:21Z",
"published": "2022-05-14T01:52:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5156"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2112"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2113"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1453127"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3705-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4235"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4295"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-15"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-16"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-17"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-19"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104560"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041193"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2018-5156
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-5156",
"description": "A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"id": "GSD-2018-5156",
"references": [
"https://www.suse.com/security/cve/CVE-2018-5156.html",
"https://www.debian.org/security/2018/dsa-4295",
"https://www.debian.org/security/2018/dsa-4235",
"https://access.redhat.com/errata/RHSA-2018:2113",
"https://access.redhat.com/errata/RHSA-2018:2112",
"https://ubuntu.com/security/CVE-2018-5156",
"https://advisories.mageia.org/CVE-2018-5156.html",
"https://security.archlinux.org/CVE-2018-5156",
"https://linux.oracle.com/cve/CVE-2018-5156.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-5156"
],
"details": "A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"id": "GSD-2018-5156",
"modified": "2023-12-13T01:22:40.220719Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "60"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "60.1"
},
{
"version_affected": "\u003c",
"version_value": "52.9"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "61"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Media recorder segmentation fault when track type is changed during capture"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201810-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-15/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
},
{
"name": "RHSA-2018:2112",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2112"
},
{
"name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html"
},
{
"name": "GLSA-201811-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1453127",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1453127"
},
{
"name": "DSA-4235",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4235"
},
{
"name": "DSA-4295",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4295"
},
{
"name": "RHSA-2018:2113",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2113"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-16/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
},
{
"name": "104560",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104560"
},
{
"name": "1041193",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041193"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-19/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-17/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-17/"
},
{
"name": "USN-3705-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3705-1/"
},
{
"name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
}
]
}
},
"mozilla.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5156"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "60.1"
},
{
"version_affected": "\u003c",
"version_value": "52.9"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "61"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "60"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occuring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, Firefox \u003c 61, and Thunderbird \u003c 60."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Media recorder segmentation fault when track type is changed during capture"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2018-17/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1453127"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "52.9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "60.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "60.1.0",
"versionStartIncluding": "52.9.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "61.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5156"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-19/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-17/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-17/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-16/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-15/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1453127",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1453127"
},
{
"name": "DSA-4295",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4295"
},
{
"name": "DSA-4235",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4235"
},
{
"name": "USN-3705-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3705-1/"
},
{
"name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
},
{
"name": "RHSA-2018:2113",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2113"
},
{
"name": "RHSA-2018:2112",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2112"
},
{
"name": "1041193",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041193"
},
{
"name": "104560",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104560"
},
{
"name": "GLSA-201810-01",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html"
},
{
"name": "GLSA-201811-13",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-13"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2018-12-06T18:39Z",
"publishedDate": "2018-10-18T13:29Z"
}
}
}
OPENSUSE-SU-2018:2807-1
Vulnerability from csaf_opensuse - Published: 2018-08-16 07:40 - Updated: 2018-08-16 07:40Summary
Security update for seamonkey
Severity
Important
Notes
Title of the patch: Security update for seamonkey
Description of the patch: This update for seamonkey fixes the following issues:
Mozilla Seamonkey was updated to 2.49.4:
Now uses Gecko 52.9.1esr (boo#1098998).
Security issues fixed with MFSA 2018-16 (boo#1098998):
* CVE-2018-12359: Buffer overflow using computed size of canvas element
* CVE-2018-12360: Use-after-free when using focus()
* CVE-2018-12362: Integer overflow in SSSE3 scaler
* CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture
* CVE-2018-12363: Use-after-free when appending DOM nodes
* CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
* CVE-2018-12365: Compromised IPC child process can list local filenames
* CVE-2018-12366: Invalid data handling during QCMS transformations
* CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
Localizations finally included again (boo#1062195)
Updated summary and description to more accurately
reflect what SeaMonkey is, giving less prominence to the long-
discontinued Mozilla Application Suite that many users may no
longer be familiar with
Update to Seamonkey 2.49.2
* Gecko 52.6esr (including security relevant fixes) (boo#1077291)
* fix issue in Composer
* With some themes, the menulist- and history-dropmarker didn't show
* Scrollbars didn't show the buttons
* WebRTC has been disabled by default. It needs an add-on to enable it per site
* The active title bar was not visually emphasized
Correct requires and provides handling (boo#1076907)
This update was imported from the openSUSE:Leap:15.0:Update update project.
Patchnames: openSUSE-2018-873
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
36 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for seamonkey",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for seamonkey fixes the following issues:\n\nMozilla Seamonkey was updated to 2.49.4:\n\nNow uses Gecko 52.9.1esr (boo#1098998).\n\nSecurity issues fixed with MFSA 2018-16 (boo#1098998):\n\n* CVE-2018-12359: Buffer overflow using computed size of canvas element\n* CVE-2018-12360: Use-after-free when using focus()\n* CVE-2018-12362: Integer overflow in SSSE3 scaler\n* CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture\n* CVE-2018-12363: Use-after-free when appending DOM nodes\n* CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins\n* CVE-2018-12365: Compromised IPC child process can list local filenames\n* CVE-2018-12366: Invalid data handling during QCMS transformations\n* CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9\n\nLocalizations finally included again (boo#1062195)\n\nUpdated summary and description to more accurately\nreflect what SeaMonkey is, giving less prominence to the long-\ndiscontinued Mozilla Application Suite that many users may no\nlonger be familiar with\n\nUpdate to Seamonkey 2.49.2\n\n* Gecko 52.6esr (including security relevant fixes) (boo#1077291)\n* fix issue in Composer\n* With some themes, the menulist- and history-dropmarker didn\u0027t show\n* Scrollbars didn\u0027t show the buttons\n* WebRTC has been disabled by default. It needs an add-on to enable it per site\n* The active title bar was not visually emphasized\n\nCorrect requires and provides handling (boo#1076907)\n\nThis update was imported from the openSUSE:Leap:15.0:Update update project.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2018-873",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2018_2807-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2018:2807-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GLUOSK2EJUPHGOY64OTIF2JORV62RASV/#GLUOSK2EJUPHGOY64OTIF2JORV62RASV"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2018:2807-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GLUOSK2EJUPHGOY64OTIF2JORV62RASV/#GLUOSK2EJUPHGOY64OTIF2JORV62RASV"
},
{
"category": "self",
"summary": "SUSE Bug 1020631",
"url": "https://bugzilla.suse.com/1020631"
},
{
"category": "self",
"summary": "SUSE Bug 1062195",
"url": "https://bugzilla.suse.com/1062195"
},
{
"category": "self",
"summary": "SUSE Bug 1076907",
"url": "https://bugzilla.suse.com/1076907"
},
{
"category": "self",
"summary": "SUSE Bug 1077291",
"url": "https://bugzilla.suse.com/1077291"
},
{
"category": "self",
"summary": "SUSE Bug 1098998",
"url": "https://bugzilla.suse.com/1098998"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12359 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12359/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12360 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12360/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12362 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12363 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12364 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12365 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12365/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12366 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12366/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5156 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5188 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5188/"
}
],
"title": "Security update for seamonkey",
"tracking": {
"current_release_date": "2018-08-16T07:40:05Z",
"generator": {
"date": "2018-08-16T07:40:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2018:2807-1",
"initial_release_date": "2018-08-16T07:40:05Z",
"revision_history": [
{
"date": "2018-08-16T07:40:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "seamonkey-2.49.4-bp150.3.3.1.aarch64",
"product": {
"name": "seamonkey-2.49.4-bp150.3.3.1.aarch64",
"product_id": "seamonkey-2.49.4-bp150.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"product": {
"name": "seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"product_id": "seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"product": {
"name": "seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"product_id": "seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "seamonkey-2.49.4-bp150.3.3.1.x86_64",
"product": {
"name": "seamonkey-2.49.4-bp150.3.3.1.x86_64",
"product_id": "seamonkey-2.49.4-bp150.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"product": {
"name": "seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"product_id": "seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64",
"product": {
"name": "seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64",
"product_id": "seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15",
"product": {
"name": "SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-2.49.4-bp150.3.3.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64"
},
"product_reference": "seamonkey-2.49.4-bp150.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-2.49.4-bp150.3.3.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64"
},
"product_reference": "seamonkey-2.49.4-bp150.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64"
},
"product_reference": "seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64"
},
"product_reference": "seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64"
},
"product_reference": "seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
},
"product_reference": "seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12359"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12359",
"url": "https://www.suse.com/security/cve/CVE-2018-12359"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12359",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-16T07:40:05Z",
"details": "important"
}
],
"title": "CVE-2018-12359"
},
{
"cve": "CVE-2018-12360",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12360"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12360",
"url": "https://www.suse.com/security/cve/CVE-2018-12360"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12360",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-16T07:40:05Z",
"details": "important"
}
],
"title": "CVE-2018-12360"
},
{
"cve": "CVE-2018-12362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12362"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12362",
"url": "https://www.suse.com/security/cve/CVE-2018-12362"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12362",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-16T07:40:05Z",
"details": "important"
}
],
"title": "CVE-2018-12362"
},
{
"cve": "CVE-2018-12363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12363"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12363",
"url": "https://www.suse.com/security/cve/CVE-2018-12363"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12363",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-16T07:40:05Z",
"details": "important"
}
],
"title": "CVE-2018-12363"
},
{
"cve": "CVE-2018-12364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12364"
}
],
"notes": [
{
"category": "general",
"text": "NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12364",
"url": "https://www.suse.com/security/cve/CVE-2018-12364"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12364",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-16T07:40:05Z",
"details": "important"
}
],
"title": "CVE-2018-12364"
},
{
"cve": "CVE-2018-12365",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12365"
}
],
"notes": [
{
"category": "general",
"text": "A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12365",
"url": "https://www.suse.com/security/cve/CVE-2018-12365"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12365",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-16T07:40:05Z",
"details": "important"
}
],
"title": "CVE-2018-12365"
},
{
"cve": "CVE-2018-12366",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12366"
}
],
"notes": [
{
"category": "general",
"text": "An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12366",
"url": "https://www.suse.com/security/cve/CVE-2018-12366"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12366",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-16T07:40:05Z",
"details": "important"
}
],
"title": "CVE-2018-12366"
},
{
"cve": "CVE-2018-5156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5156"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5156",
"url": "https://www.suse.com/security/cve/CVE-2018-5156"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-5156",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-16T07:40:05Z",
"details": "important"
}
],
"title": "CVE-2018-5156"
},
{
"cve": "CVE-2018-5188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5188"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5188",
"url": "https://www.suse.com/security/cve/CVE-2018-5188"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-5188",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-common-2.49.4-bp150.3.3.1.x86_64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.aarch64",
"SUSE Package Hub 15:seamonkey-translations-other-2.49.4-bp150.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-16T07:40:05Z",
"details": "important"
}
],
"title": "CVE-2018-5188"
}
]
}
OPENSUSE-SU-2018:3687-1
Vulnerability from csaf_opensuse - Published: 2018-11-09 08:34 - Updated: 2018-11-09 08:34Summary
Security update for MozillaThunderbird
Severity
Important
Notes
Title of the patch: Security update for MozillaThunderbird
Description of the patch: This update for Mozilla Thunderbird to version 60.2.1 fixes multiple issues.
Multiple security issues were fixed in the Mozilla platform as advised in MFSA 2018-25 and MFSA 2018-28.
In general, these flaws cannot be exploited through email in Thunderbird because scripting
is disabled when reading mail, but are potentially risks in browser or browser-like contexts:
- CVE-2018-12359: Prevent buffer overflow using computed size of canvas element (bsc#1098998)
- CVE-2018-12360: Prevent use-after-free when using focus() (bsc#1098998)
- CVE-2018-12361: Prevent integer overflow in SwizzleData (bsc#1098998)
- CVE-2018-12362: Prevent integer overflow in SSSE3 scaler (bsc#1098998)
- CVE-2018-5156: Prevent media recorder segmentation fault when track type is changed during capture (bsc#1098998)
- CVE-2018-12363: Prevent use-after-free when appending DOM nodes (bsc#1098998)
- CVE-2018-12364: Prevent CSRF attacks through 307 redirects and NPAPI plugins (bsc#1098998)
- CVE-2018-12365: Prevent compromised IPC child process listing local filenames (bsc#1098998)
- CVE-2018-12371: Prevent integer overflow in Skia library during edge builder allocation (bsc#1098998)
- CVE-2018-12366: Prevent invalid data handling during QCMS transformations (bsc#1098998)
- CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming (bsc#1098998)
- CVE-2018-5187: Various memory safety bugs (bsc#1098998)
- CVE-2018-5188: Various memory safety bugs (bsc#1098998)
- CVE-2018-12377: Use-after-free in refresh driver timers (bsc#1107343)
- CVE-2018-12378: Use-after-free in IndexedDB (bsc#1107343)
- CVE-2017-16541: Proxy bypass using automount and autofs (bsc#1066489)
- CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 (bsc#1107343)
- CVE-2018-12385: Crash in TransportSecurityInfo due to cached data (bsc#1109363)
- CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords (bsc#1107343)
- CVE-2018-12389: Fixed memory safety bugs (bsc#1112852)
- CVE-2018-12390: Fixed memory safety bugs (bsc#1112852)
- CVE-2018-12391: Fixed HTTP Live Stream audio data is accessible cross-origin (bsc#1112852)
- CVE-2018-12392: Fixed crash with nested event loops (bsc#1112852)
- CVE-2018-12393: Fixed integer overflow during Unicode conversion while loading JavaScript (bsc#1112852)
These non-security issues were fixed:
- Fix date display issues (bsc#1109379)
- Fix start-up crash due to folder name with special characters (bsc#1107772)
- Storing of remote content settings fixed (bsc#1084603)
- Improved message handling and composing
- Improved handling of message templates
- Support for OAuth2 and FIDO U2F
- Various Calendar improvements
- Various fixes and changes to e-mail workflow
- Various IMAP fixes
- Native desktop notifications
- various theme fixes
- Shift+PageUp/PageDown in Write window
- Gloda attachment filtering
- Mailing list address auto-complete enter/return handling
- Thunderbird hung if HTML signature references non-existent image
- Filters not working for headers that appear more than once
Patchnames: openSUSE-2018-1360
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.3 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
95 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaThunderbird",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for Mozilla Thunderbird to version 60.2.1 fixes multiple issues.\n\nMultiple security issues were fixed in the Mozilla platform as advised in MFSA 2018-25 and MFSA 2018-28.\nIn general, these flaws cannot be exploited through email in Thunderbird because scripting\nis disabled when reading mail, but are potentially risks in browser or browser-like contexts:\n\n- CVE-2018-12359: Prevent buffer overflow using computed size of canvas element (bsc#1098998)\n- CVE-2018-12360: Prevent use-after-free when using focus() (bsc#1098998)\n- CVE-2018-12361: Prevent integer overflow in SwizzleData (bsc#1098998)\n- CVE-2018-12362: Prevent integer overflow in SSSE3 scaler (bsc#1098998)\n- CVE-2018-5156: Prevent media recorder segmentation fault when track type is changed during capture (bsc#1098998)\n- CVE-2018-12363: Prevent use-after-free when appending DOM nodes (bsc#1098998)\n- CVE-2018-12364: Prevent CSRF attacks through 307 redirects and NPAPI plugins (bsc#1098998)\n- CVE-2018-12365: Prevent compromised IPC child process listing local filenames (bsc#1098998)\n- CVE-2018-12371: Prevent integer overflow in Skia library during edge builder allocation (bsc#1098998)\n- CVE-2018-12366: Prevent invalid data handling during QCMS transformations (bsc#1098998)\n- CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming (bsc#1098998)\n- CVE-2018-5187: Various memory safety bugs (bsc#1098998)\n- CVE-2018-5188: Various memory safety bugs (bsc#1098998)\n- CVE-2018-12377: Use-after-free in refresh driver timers (bsc#1107343)\n- CVE-2018-12378: Use-after-free in IndexedDB (bsc#1107343)\n- CVE-2017-16541: Proxy bypass using automount and autofs (bsc#1066489)\n- CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 (bsc#1107343)\n- CVE-2018-12385: Crash in TransportSecurityInfo due to cached data (bsc#1109363)\n- CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords (bsc#1107343)\n- CVE-2018-12389: Fixed memory safety bugs (bsc#1112852)\n- CVE-2018-12390: Fixed memory safety bugs (bsc#1112852)\n- CVE-2018-12391: Fixed HTTP Live Stream audio data is accessible cross-origin (bsc#1112852)\n- CVE-2018-12392: Fixed crash with nested event loops (bsc#1112852)\n- CVE-2018-12393: Fixed integer overflow during Unicode conversion while loading JavaScript (bsc#1112852)\n \nThese non-security issues were fixed:\n\n- Fix date display issues (bsc#1109379)\n- Fix start-up crash due to folder name with special characters (bsc#1107772)\n- Storing of remote content settings fixed (bsc#1084603)\n- Improved message handling and composing\n- Improved handling of message templates\n- Support for OAuth2 and FIDO U2F\n- Various Calendar improvements\n- Various fixes and changes to e-mail workflow \n- Various IMAP fixes\n- Native desktop notifications\n- various theme fixes\n- Shift+PageUp/PageDown in Write window\n- Gloda attachment filtering\n- Mailing list address auto-complete enter/return handling\n- Thunderbird hung if HTML signature references non-existent image\n- Filters not working for headers that appear more than once\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2018-1360",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2018_3687-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2018:3687-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BBHDVB7NPDAZXEW2BECURXKYFEGTTUL4/#BBHDVB7NPDAZXEW2BECURXKYFEGTTUL4"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2018:3687-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BBHDVB7NPDAZXEW2BECURXKYFEGTTUL4/#BBHDVB7NPDAZXEW2BECURXKYFEGTTUL4"
},
{
"category": "self",
"summary": "SUSE Bug 1066489",
"url": "https://bugzilla.suse.com/1066489"
},
{
"category": "self",
"summary": "SUSE Bug 1084603",
"url": "https://bugzilla.suse.com/1084603"
},
{
"category": "self",
"summary": "SUSE Bug 1098998",
"url": "https://bugzilla.suse.com/1098998"
},
{
"category": "self",
"summary": "SUSE Bug 1107343",
"url": "https://bugzilla.suse.com/1107343"
},
{
"category": "self",
"summary": "SUSE Bug 1107772",
"url": "https://bugzilla.suse.com/1107772"
},
{
"category": "self",
"summary": "SUSE Bug 1109363",
"url": "https://bugzilla.suse.com/1109363"
},
{
"category": "self",
"summary": "SUSE Bug 1109379",
"url": "https://bugzilla.suse.com/1109379"
},
{
"category": "self",
"summary": "SUSE Bug 1112852",
"url": "https://bugzilla.suse.com/1112852"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16541 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16541/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12359 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12359/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12360 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12360/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12361 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12361/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12362 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12363 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12364 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12365 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12365/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12366 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12366/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12367 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12367/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12371 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12371/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12376 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12376/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12377 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12377/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12378 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12383 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12383/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12385 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12385/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12389 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12390 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12390/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12391 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12391/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12392 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12393 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16541 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16541/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5156 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5187 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5188 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5188/"
}
],
"title": "Security update for MozillaThunderbird",
"tracking": {
"current_release_date": "2018-11-09T08:34:29Z",
"generator": {
"date": "2018-11-09T08:34:29Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2018:3687-1",
"initial_release_date": "2018-11-09T08:34:29Z",
"revision_history": [
{
"date": "2018-11-09T08:34:29Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-60.3.0-74.2.x86_64",
"product": {
"name": "MozillaThunderbird-60.3.0-74.2.x86_64",
"product_id": "MozillaThunderbird-60.3.0-74.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"product": {
"name": "MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"product_id": "MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"product": {
"name": "MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"product_id": "MozillaThunderbird-translations-common-60.3.0-74.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-60.3.0-74.2.x86_64",
"product": {
"name": "MozillaThunderbird-translations-other-60.3.0-74.2.x86_64",
"product_id": "MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12",
"product": {
"name": "SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-60.3.0-74.2.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64"
},
"product_reference": "MozillaThunderbird-60.3.0-74.2.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64"
},
"product_reference": "MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-60.3.0-74.2.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64"
},
"product_reference": "MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-60.3.0-74.2.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
},
"product_reference": "MozillaThunderbird-translations-other-60.3.0-74.2.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-16541",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16541"
}
],
"notes": [
{
"category": "general",
"text": "Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16541",
"url": "https://www.suse.com/security/cve/CVE-2017-16541"
},
{
"category": "external",
"summary": "SUSE Bug 1066489 for CVE-2017-16541",
"url": "https://bugzilla.suse.com/1066489"
},
{
"category": "external",
"summary": "SUSE Bug 1107343 for CVE-2017-16541",
"url": "https://bugzilla.suse.com/1107343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "moderate"
}
],
"title": "CVE-2017-16541"
},
{
"cve": "CVE-2018-12359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12359"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12359",
"url": "https://www.suse.com/security/cve/CVE-2018-12359"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12359",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12359"
},
{
"cve": "CVE-2018-12360",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12360"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12360",
"url": "https://www.suse.com/security/cve/CVE-2018-12360"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12360",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12360"
},
{
"cve": "CVE-2018-12361",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12361"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12361",
"url": "https://www.suse.com/security/cve/CVE-2018-12361"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12361",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12361"
},
{
"cve": "CVE-2018-12362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12362"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12362",
"url": "https://www.suse.com/security/cve/CVE-2018-12362"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12362",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12362"
},
{
"cve": "CVE-2018-12363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12363"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12363",
"url": "https://www.suse.com/security/cve/CVE-2018-12363"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12363",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12363"
},
{
"cve": "CVE-2018-12364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12364"
}
],
"notes": [
{
"category": "general",
"text": "NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12364",
"url": "https://www.suse.com/security/cve/CVE-2018-12364"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12364",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12364"
},
{
"cve": "CVE-2018-12365",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12365"
}
],
"notes": [
{
"category": "general",
"text": "A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12365",
"url": "https://www.suse.com/security/cve/CVE-2018-12365"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12365",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12365"
},
{
"cve": "CVE-2018-12366",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12366"
}
],
"notes": [
{
"category": "general",
"text": "An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12366",
"url": "https://www.suse.com/security/cve/CVE-2018-12366"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12366",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12366"
},
{
"cve": "CVE-2018-12367",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12367"
}
],
"notes": [
{
"category": "general",
"text": "In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12367",
"url": "https://www.suse.com/security/cve/CVE-2018-12367"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12367",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12367"
},
{
"cve": "CVE-2018-12371",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12371"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR \u003c 60.1, Thunderbird \u003c 60, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12371",
"url": "https://www.suse.com/security/cve/CVE-2018-12371"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12371",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12371"
},
{
"cve": "CVE-2018-12376",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12376"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2, and Thunderbird \u003c 60.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12376",
"url": "https://www.suse.com/security/cve/CVE-2018-12376"
},
{
"category": "external",
"summary": "SUSE Bug 1107343 for CVE-2018-12376",
"url": "https://bugzilla.suse.com/1107343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "moderate"
}
],
"title": "CVE-2018-12376"
},
{
"cve": "CVE-2018-12377",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12377"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2, and Thunderbird \u003c 60.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12377",
"url": "https://www.suse.com/security/cve/CVE-2018-12377"
},
{
"category": "external",
"summary": "SUSE Bug 1107343 for CVE-2018-12377",
"url": "https://bugzilla.suse.com/1107343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "moderate"
}
],
"title": "CVE-2018-12377"
},
{
"cve": "CVE-2018-12378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12378"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2, and Thunderbird \u003c 60.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12378",
"url": "https://www.suse.com/security/cve/CVE-2018-12378"
},
{
"category": "external",
"summary": "SUSE Bug 1107343 for CVE-2018-12378",
"url": "https://bugzilla.suse.com/1107343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "moderate"
}
],
"title": "CVE-2018-12378"
},
{
"cve": "CVE-2018-12383",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12383"
}
],
"notes": [
{
"category": "general",
"text": "If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox \u003c 62, Firefox ESR \u003c 60.2.1, and Thunderbird \u003c 60.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12383",
"url": "https://www.suse.com/security/cve/CVE-2018-12383"
},
{
"category": "external",
"summary": "SUSE Bug 1107343 for CVE-2018-12383",
"url": "https://bugzilla.suse.com/1107343"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "moderate"
}
],
"title": "CVE-2018-12383"
},
{
"cve": "CVE-2018-12385",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12385"
}
],
"notes": [
{
"category": "general",
"text": "A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird \u003c 60.2.1, Firefox ESR \u003c 60.2.1, and Firefox \u003c 62.0.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12385",
"url": "https://www.suse.com/security/cve/CVE-2018-12385"
},
{
"category": "external",
"summary": "SUSE Bug 1109363 for CVE-2018-12385",
"url": "https://bugzilla.suse.com/1109363"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "moderate"
}
],
"title": "CVE-2018-12385"
},
{
"cve": "CVE-2018-12389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12389"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.3 and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12389",
"url": "https://www.suse.com/security/cve/CVE-2018-12389"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12389",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12389"
},
{
"cve": "CVE-2018-12390",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12390"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12390",
"url": "https://www.suse.com/security/cve/CVE-2018-12390"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12390",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12390"
},
{
"cve": "CVE-2018-12391",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12391"
}
],
"notes": [
{
"category": "general",
"text": "During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12391",
"url": "https://www.suse.com/security/cve/CVE-2018-12391"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12391",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12391"
},
{
"cve": "CVE-2018-12392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12392"
}
],
"notes": [
{
"category": "general",
"text": "When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12392",
"url": "https://www.suse.com/security/cve/CVE-2018-12392"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12392",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12392"
},
{
"cve": "CVE-2018-12393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12393"
}
],
"notes": [
{
"category": "general",
"text": "A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12393",
"url": "https://www.suse.com/security/cve/CVE-2018-12393"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12393",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-12393"
},
{
"cve": "CVE-2018-16541",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16541"
}
],
"notes": [
{
"category": "general",
"text": "In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16541",
"url": "https://www.suse.com/security/cve/CVE-2018-16541"
},
{
"category": "external",
"summary": "SUSE Bug 1107421 for CVE-2018-16541",
"url": "https://bugzilla.suse.com/1107421"
},
{
"category": "external",
"summary": "SUSE Bug 1108027 for CVE-2018-16541",
"url": "https://bugzilla.suse.com/1108027"
},
{
"category": "external",
"summary": "SUSE Bug 1109105 for CVE-2018-16541",
"url": "https://bugzilla.suse.com/1109105"
},
{
"category": "external",
"summary": "SUSE Bug 1111479 for CVE-2018-16541",
"url": "https://bugzilla.suse.com/1111479"
},
{
"category": "external",
"summary": "SUSE Bug 1111480 for CVE-2018-16541",
"url": "https://bugzilla.suse.com/1111480"
},
{
"category": "external",
"summary": "SUSE Bug 1112229 for CVE-2018-16541",
"url": "https://bugzilla.suse.com/1112229"
},
{
"category": "external",
"summary": "SUSE Bug 1117022 for CVE-2018-16541",
"url": "https://bugzilla.suse.com/1117022"
},
{
"category": "external",
"summary": "SUSE Bug 1118455 for CVE-2018-16541",
"url": "https://bugzilla.suse.com/1118455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "moderate"
}
],
"title": "CVE-2018-16541"
},
{
"cve": "CVE-2018-5156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5156"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5156",
"url": "https://www.suse.com/security/cve/CVE-2018-5156"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-5156",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-5156"
},
{
"cve": "CVE-2018-5187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5187"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5187",
"url": "https://www.suse.com/security/cve/CVE-2018-5187"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-5187",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-5187"
},
{
"cve": "CVE-2018-5188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5188"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5188",
"url": "https://www.suse.com/security/cve/CVE-2018-5188"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-5188",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.3.0-74.2.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.3.0-74.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-09T08:34:29Z",
"details": "important"
}
],
"title": "CVE-2018-5188"
}
]
}
OPENSUSE-SU-2024:10590-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
seamonkey-2.53.9.1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: seamonkey-2.53.9.1-1.1 on GA media
Description of the patch: These are all security issues fixed in the seamonkey-2.53.9.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10590
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
71 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "seamonkey-2.53.9.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the seamonkey-2.53.9.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10590",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10590-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-4879 page",
"url": "https://www.suse.com/security/cve/CVE-2007-4879/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0412 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0412/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0414 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0414/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0415 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0418 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0418/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0419 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0419/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0592 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0593 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0593/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-1195 page",
"url": "https://www.suse.com/security/cve/CVE-2008-1195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-1233 page",
"url": "https://www.suse.com/security/cve/CVE-2008-1233/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-1236 page",
"url": "https://www.suse.com/security/cve/CVE-2008-1236/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-1238 page",
"url": "https://www.suse.com/security/cve/CVE-2008-1238/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-1241 page",
"url": "https://www.suse.com/security/cve/CVE-2008-1241/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12359 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12359/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12360 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12360/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12362 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12363 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12364 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12365 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12365/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12366 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12366/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5156 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5188 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5188/"
}
],
"title": "seamonkey-2.53.9.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10590-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "seamonkey-2.53.9.1-1.1.aarch64",
"product": {
"name": "seamonkey-2.53.9.1-1.1.aarch64",
"product_id": "seamonkey-2.53.9.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"product": {
"name": "seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"product_id": "seamonkey-dom-inspector-2.53.9.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "seamonkey-irc-2.53.9.1-1.1.aarch64",
"product": {
"name": "seamonkey-irc-2.53.9.1-1.1.aarch64",
"product_id": "seamonkey-irc-2.53.9.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "seamonkey-2.53.9.1-1.1.ppc64le",
"product": {
"name": "seamonkey-2.53.9.1-1.1.ppc64le",
"product_id": "seamonkey-2.53.9.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"product": {
"name": "seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"product_id": "seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "seamonkey-irc-2.53.9.1-1.1.ppc64le",
"product": {
"name": "seamonkey-irc-2.53.9.1-1.1.ppc64le",
"product_id": "seamonkey-irc-2.53.9.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "seamonkey-2.53.9.1-1.1.s390x",
"product": {
"name": "seamonkey-2.53.9.1-1.1.s390x",
"product_id": "seamonkey-2.53.9.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"product": {
"name": "seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"product_id": "seamonkey-dom-inspector-2.53.9.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "seamonkey-irc-2.53.9.1-1.1.s390x",
"product": {
"name": "seamonkey-irc-2.53.9.1-1.1.s390x",
"product_id": "seamonkey-irc-2.53.9.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "seamonkey-2.53.9.1-1.1.x86_64",
"product": {
"name": "seamonkey-2.53.9.1-1.1.x86_64",
"product_id": "seamonkey-2.53.9.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"product": {
"name": "seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"product_id": "seamonkey-dom-inspector-2.53.9.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "seamonkey-irc-2.53.9.1-1.1.x86_64",
"product": {
"name": "seamonkey-irc-2.53.9.1-1.1.x86_64",
"product_id": "seamonkey-irc-2.53.9.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-2.53.9.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64"
},
"product_reference": "seamonkey-2.53.9.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-2.53.9.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le"
},
"product_reference": "seamonkey-2.53.9.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-2.53.9.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x"
},
"product_reference": "seamonkey-2.53.9.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-2.53.9.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64"
},
"product_reference": "seamonkey-2.53.9.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-dom-inspector-2.53.9.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64"
},
"product_reference": "seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le"
},
"product_reference": "seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-dom-inspector-2.53.9.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x"
},
"product_reference": "seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-dom-inspector-2.53.9.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64"
},
"product_reference": "seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-irc-2.53.9.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64"
},
"product_reference": "seamonkey-irc-2.53.9.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-irc-2.53.9.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le"
},
"product_reference": "seamonkey-irc-2.53.9.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-irc-2.53.9.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x"
},
"product_reference": "seamonkey-irc-2.53.9.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "seamonkey-irc-2.53.9.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
},
"product_reference": "seamonkey-irc-2.53.9.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2007-4879",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-4879"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-4879",
"url": "https://www.suse.com/security/cve/CVE-2007-4879"
},
{
"category": "external",
"summary": "SUSE Bug 370353 for CVE-2007-4879",
"url": "https://bugzilla.suse.com/370353"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-4879"
},
{
"cve": "CVE-2008-0412",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0412"
}
],
"notes": [
{
"category": "general",
"text": "The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0412",
"url": "https://www.suse.com/security/cve/CVE-2008-0412"
},
{
"category": "external",
"summary": "SUSE Bug 354469 for CVE-2008-0412",
"url": "https://bugzilla.suse.com/354469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2008-0412"
},
{
"cve": "CVE-2008-0414",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0414"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka \"focus spoofing.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0414",
"url": "https://www.suse.com/security/cve/CVE-2008-0414"
},
{
"category": "external",
"summary": "SUSE Bug 354469 for CVE-2008-0414",
"url": "https://bugzilla.suse.com/354469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-0414"
},
{
"cve": "CVE-2008-0415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0415"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka \"JavaScript privilege escalation bugs.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0415",
"url": "https://www.suse.com/security/cve/CVE-2008-0415"
},
{
"category": "external",
"summary": "SUSE Bug 354469 for CVE-2008-0415",
"url": "https://bugzilla.suse.com/354469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-0415"
},
{
"cve": "CVE-2008-0418",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0418"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using \"flat\" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0418",
"url": "https://www.suse.com/security/cve/CVE-2008-0418"
},
{
"category": "external",
"summary": "SUSE Bug 354469 for CVE-2008-0418",
"url": "https://bugzilla.suse.com/354469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-0418"
},
{
"cve": "CVE-2008-0419",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0419"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0419",
"url": "https://www.suse.com/security/cve/CVE-2008-0419"
},
{
"category": "external",
"summary": "SUSE Bug 354469 for CVE-2008-0419",
"url": "https://bugzilla.suse.com/354469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2008-0419"
},
{
"cve": "CVE-2008-0592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0592"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a \"Content-Disposition: attachment\" and an invalid \"Content-Type: plain/text,\" which prevents Firefox from rendering future plain text files within the browser.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0592",
"url": "https://www.suse.com/security/cve/CVE-2008-0592"
},
{
"category": "external",
"summary": "SUSE Bug 354469 for CVE-2008-0592",
"url": "https://bugzilla.suse.com/354469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-0592"
},
{
"cve": "CVE-2008-0593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0593"
}
],
"notes": [
{
"category": "general",
"text": "Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0593",
"url": "https://www.suse.com/security/cve/CVE-2008-0593"
},
{
"category": "external",
"summary": "SUSE Bug 354469 for CVE-2008-0593",
"url": "https://bugzilla.suse.com/354469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-0593"
},
{
"cve": "CVE-2008-1195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-1195"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-1195",
"url": "https://www.suse.com/security/cve/CVE-2008-1195"
},
{
"category": "external",
"summary": "SUSE Bug 368134 for CVE-2008-1195",
"url": "https://bugzilla.suse.com/368134"
},
{
"category": "external",
"summary": "SUSE Bug 370353 for CVE-2008-1195",
"url": "https://bugzilla.suse.com/370353"
},
{
"category": "external",
"summary": "SUSE Bug 379038 for CVE-2008-1195",
"url": "https://bugzilla.suse.com/379038"
},
{
"category": "external",
"summary": "SUSE Bug 404983 for CVE-2008-1195",
"url": "https://bugzilla.suse.com/404983"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2008-1195"
},
{
"cve": "CVE-2008-1233",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-1233"
}
],
"notes": [
{
"category": "general",
"text": "Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via \"XPCNativeWrapper pollution.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-1233",
"url": "https://www.suse.com/security/cve/CVE-2008-1233"
},
{
"category": "external",
"summary": "SUSE Bug 370353 for CVE-2008-1233",
"url": "https://bugzilla.suse.com/370353"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-1233"
},
{
"cve": "CVE-2008-1236",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-1236"
}
],
"notes": [
{
"category": "general",
"text": "Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-1236",
"url": "https://www.suse.com/security/cve/CVE-2008-1236"
},
{
"category": "external",
"summary": "SUSE Bug 370353 for CVE-2008-1236",
"url": "https://bugzilla.suse.com/370353"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-1236"
},
{
"cve": "CVE-2008-1238",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-1238"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-1238",
"url": "https://www.suse.com/security/cve/CVE-2008-1238"
},
{
"category": "external",
"summary": "SUSE Bug 370353 for CVE-2008-1238",
"url": "https://bugzilla.suse.com/370353"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-1238"
},
{
"cve": "CVE-2008-1241",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-1241"
}
],
"notes": [
{
"category": "general",
"text": "GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-1241",
"url": "https://www.suse.com/security/cve/CVE-2008-1241"
},
{
"category": "external",
"summary": "SUSE Bug 370353 for CVE-2008-1241",
"url": "https://bugzilla.suse.com/370353"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-1241"
},
{
"cve": "CVE-2018-12359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12359"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12359",
"url": "https://www.suse.com/security/cve/CVE-2018-12359"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12359",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12359"
},
{
"cve": "CVE-2018-12360",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12360"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12360",
"url": "https://www.suse.com/security/cve/CVE-2018-12360"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12360",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12360"
},
{
"cve": "CVE-2018-12362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12362"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12362",
"url": "https://www.suse.com/security/cve/CVE-2018-12362"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12362",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12362"
},
{
"cve": "CVE-2018-12363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12363"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12363",
"url": "https://www.suse.com/security/cve/CVE-2018-12363"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12363",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12363"
},
{
"cve": "CVE-2018-12364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12364"
}
],
"notes": [
{
"category": "general",
"text": "NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12364",
"url": "https://www.suse.com/security/cve/CVE-2018-12364"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12364",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12364"
},
{
"cve": "CVE-2018-12365",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12365"
}
],
"notes": [
{
"category": "general",
"text": "A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12365",
"url": "https://www.suse.com/security/cve/CVE-2018-12365"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12365",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12365"
},
{
"cve": "CVE-2018-12366",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12366"
}
],
"notes": [
{
"category": "general",
"text": "An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12366",
"url": "https://www.suse.com/security/cve/CVE-2018-12366"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-12366",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12366"
},
{
"cve": "CVE-2018-5156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5156"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5156",
"url": "https://www.suse.com/security/cve/CVE-2018-5156"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-5156",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5156"
},
{
"cve": "CVE-2018-5188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5188"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60, Thunderbird \u003c 52.9, Firefox ESR \u003c 60.1, Firefox ESR \u003c 52.9, and Firefox \u003c 61.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5188",
"url": "https://www.suse.com/security/cve/CVE-2018-5188"
},
{
"category": "external",
"summary": "SUSE Bug 1098998 for CVE-2018-5188",
"url": "https://bugzilla.suse.com/1098998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-dom-inspector-2.53.9.1-1.1.x86_64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.aarch64",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.s390x",
"openSUSE Tumbleweed:seamonkey-irc-2.53.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-5188"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…