Vulnerability-Lookup

CVE-2024-3854 (GCVE-0-2024-3854)

Vulnerability from cvelistv5 – Published: 2024-04-16 15:14 – Updated: 2024-08-01 20:26

Summary

In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Out-of-bounds-read after mis-optimized switch statement

Assigner

mozilla

References

6 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=1884552
https://lists.debian.org/debian-lts-announce/2024…
https://lists.debian.org/debian-lts-announce/2024…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

3 products

Vendor	Product	Version
Mozilla	Firefox	Affected: unspecified , < 125 (custom)
Mozilla	Firefox ESR	Affected: unspecified , < 115.10 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 115.10 (custom)

Credits

Lukas Bernhard

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "firefox",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "125",
                "status": "affected",
                "version": "-",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mozilla:firefox_esr:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "firefox_esr",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "115.10",
                "status": "affected",
                "version": "-",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thunderbird",
            "vendor": "mozilla",
            "versions": [
              {
                "lessThan": "115.10",
                "status": "affected",
                "version": "-",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-3854",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-23T15:00:10.881479Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:32:50.898Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:26:57.045Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1884552"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-18/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-19/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-20/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "125",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Lukas Bernhard"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10."
            }
          ],
          "value": "In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds-read after mis-optimized switch statement",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T18:15:59.089Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1884552"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-18/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-19/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-20/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2024-3854",
    "datePublished": "2024-04-16T15:14:05.902Z",
    "dateReserved": "2024-04-15T20:26:40.828Z",
    "dateUpdated": "2024-08-01T20:26:57.045Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-3854",
      "date": "2026-05-28",
      "epss": "0.00928",
      "percentile": "0.76391"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-3854\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2024-04-16T16:15:08.440\",\"lastModified\":\"2025-04-01T14:11:53.310\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.\"},{\"lang\":\"es\",\"value\":\"En algunos patrones de c\u00f3digo, el JIT optimiz\u00f3 incorrectamente las declaraciones de cambio y gener\u00f3 c\u00f3digo con lecturas fuera de los l\u00edmites. Esta vulnerabilidad afecta a Firefox \u0026lt; 125 y Firefox ESR \u0026lt; 115.10.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*\",\"versionEndExcluding\":\"115.10\",\"matchCriteriaId\":\"A9E787D0-BCFE-45BA-AC41-477D33CEBBE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"125.0\",\"matchCriteriaId\":\"7334A1C6-C6BF-4C70-ADF1-736BCE0EA227\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"115.10\",\"matchCriteriaId\":\"E0E4DEC0-5D13-48E9-B6A5-2DC8F30785DE\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1884552\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-18/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-19/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-20/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1884552\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-18/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-19/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2024-20/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1884552\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-18/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-19/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-20/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T20:26:57.045Z\"}}, {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-3854\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-23T15:00:10.881479Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*\"], \"vendor\": \"mozilla\", \"product\": \"firefox\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\", \"lessThan\": \"125\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:mozilla:firefox_esr:-:*:*:*:*:*:*:*\"], \"vendor\": \"mozilla\", \"product\": \"firefox_esr\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\", \"lessThan\": \"115.10\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*\"], \"vendor\": \"mozilla\", \"product\": \"thunderbird\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\", \"lessThan\": \"115.10\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-04-22T19:09:56.257Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"value\": \"Lukas Bernhard\"}], \"affected\": [{\"vendor\": \"Mozilla\", \"product\": \"Firefox\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"125\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Firefox ESR\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"115.10\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Thunderbird\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"115.10\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1884552\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-18/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-19/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2024-20/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Out-of-bounds-read after mis-optimized switch statement\"}]}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2024-06-21T18:15:59.089Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-3854\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T20:26:57.045Z\", \"dateReserved\": \"2024-04-15T20:26:40.828Z\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"datePublished\": \"2024-04-16T15:14:05.902Z\", \"assignerShortName\": \"mozilla\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

alsa-2024:1908

Vulnerability from osv_almalinux

Published

2024-04-18 00:00

Modified

2024-04-22 08:24

Summary

Important: firefox security update

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.10.0 ESR.

Security Fix(es):

GetBoundName in the JIT returned the wrong object (CVE-2024-3852)
Out-of-bounds-read after mis-optimized switch statement (CVE-2024-3854)
Incorrect JITting of arguments led to use-after-free during garbage collection (CVE-2024-3857)
Permission prompt input delay could expire when not in focus (CVE-2024-2609)
Integer-overflow led to out-of-bounds-read in the OpenType sanitizer (CVE-2024-3859)
Potential use-after-free due to AlignedBuffer self-move (CVE-2024-3861)
Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10 (CVE-2024-3864)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:1908	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-2609	REPORT
	https://access.redhat.com/security/cve/CVE-2024-3852	REPORT
	https://access.redhat.com/security/cve/CVE-2024-3854	REPORT
	https://access.redhat.com/security/cve/CVE-2024-3857	REPORT
	https://access.redhat.com/security/cve/CVE-2024-3859	REPORT
	https://access.redhat.com/security/cve/CVE-2024-3861	REPORT
	https://access.redhat.com/security/cve/CVE-2024-3864	REPORT
	https://bugzilla.redhat.com/2275547	REPORT
	https://bugzilla.redhat.com/2275549	REPORT
	https://bugzilla.redhat.com/2275550	REPORT
	https://bugzilla.redhat.com/2275551	REPORT
	https://bugzilla.redhat.com/2275552	REPORT
	https://bugzilla.redhat.com/2275553	REPORT
	https://bugzilla.redhat.com/2275555	REPORT
	https://errata.almalinux.org/9/ALSA-2024-1908.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "firefox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "115.10.0-1.el9_3.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "firefox-x11"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "115.10.0-1.el9_3.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 115.10.0 ESR.\n\nSecurity Fix(es):\n  \n* GetBoundName in the JIT returned the wrong object (CVE-2024-3852)\n\n* Out-of-bounds-read after mis-optimized switch statement (CVE-2024-3854)\n* Incorrect JITting of arguments led to use-after-free during garbage collection (CVE-2024-3857)\n* Permission prompt input delay could expire when not in focus (CVE-2024-2609)\n* Integer-overflow led to out-of-bounds-read in the OpenType sanitizer (CVE-2024-3859)\n* Potential use-after-free due to AlignedBuffer self-move (CVE-2024-3861)\n* Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10 (CVE-2024-3864)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:1908",
  "modified": "2024-04-22T08:24:12Z",
  "published": "2024-04-18T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:1908"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2609"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-3852"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-3854"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-3857"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-3859"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-3861"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-3864"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2275547"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2275549"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2275550"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2275551"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2275552"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2275553"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2275555"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2024-1908.html"
    }
  ],
  "related": [
    "CVE-2024-3852",
    "CVE-2024-3854",
    "CVE-2024-3857",
    "CVE-2024-2609",
    "CVE-2024-3859",
    "CVE-2024-3861",
    "CVE-2024-3864"
  ],
  "summary": "Important: firefox security update"
}

alsa-2024:1912

Vulnerability from osv_almalinux

Published

2024-04-18 00:00

Modified

2024-04-22 08:21

Summary

Important: firefox security update

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.10.0 ESR.

Security Fix(es):

GetBoundName in the JIT returned the wrong object (CVE-2024-3852)
Out-of-bounds-read after mis-optimized switch statement (CVE-2024-3854)
Incorrect JITting of arguments led to use-after-free during garbage collection (CVE-2024-3857)
Permission prompt input delay could expire when not in focus (CVE-2024-2609)
Integer-overflow led to out-of-bounds-read in the OpenType sanitizer (CVE-2024-3859)
Potential use-after-free due to AlignedBuffer self-move (CVE-2024-3861)
Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10 (CVE-2024-3864)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:1912	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-2609	REPORT
	https://access.redhat.com/security/cve/CVE-2024-3852	REPORT
	https://access.redhat.com/security/cve/CVE-2024-3854	REPORT
	https://access.redhat.com/security/cve/CVE-2024-3857	REPORT
	https://access.redhat.com/security/cve/CVE-2024-3859	REPORT
	https://access.redhat.com/security/cve/CVE-2024-3861	REPORT
	https://access.redhat.com/security/cve/CVE-2024-3864	REPORT
	https://bugzilla.redhat.com/2275547	REPORT
	https://bugzilla.redhat.com/2275549	REPORT
	https://bugzilla.redhat.com/2275550	REPORT
	https://bugzilla.redhat.com/2275551	REPORT
	https://bugzilla.redhat.com/2275552	REPORT
	https://bugzilla.redhat.com/2275553	REPORT
	https://bugzilla.redhat.com/2275555	REPORT
	https://errata.almalinux.org/8/ALSA-2024-1912.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "firefox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "115.10.0-1.el8_9.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 115.10.0 ESR.\n\nSecurity Fix(es):\n  \n* GetBoundName in the JIT returned the wrong object (CVE-2024-3852)\n\n* Out-of-bounds-read after mis-optimized switch statement (CVE-2024-3854)\n* Incorrect JITting of arguments led to use-after-free during garbage collection (CVE-2024-3857)\n* Permission prompt input delay could expire when not in focus (CVE-2024-2609)\n* Integer-overflow led to out-of-bounds-read in the OpenType sanitizer (CVE-2024-3859)\n* Potential use-after-free due to AlignedBuffer self-move (CVE-2024-3861)\n* Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10 (CVE-2024-3864)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:1912",
  "modified": "2024-04-22T08:21:39Z",
  "published": "2024-04-18T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:1912"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-2609"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-3852"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-3854"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-3857"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-3859"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-3861"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-3864"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2275547"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2275549"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2275550"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2275551"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2275552"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2275553"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2275555"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2024-1912.html"
    }
  ],
  "related": [
    "CVE-2024-3852",
    "CVE-2024-3854",
    "CVE-2024-3857",
    "CVE-2024-2609",
    "CVE-2024-3859",
    "CVE-2024-3861",
    "CVE-2024-3864"
  ],
  "summary": "Important: firefox security update"
}

CERTFR-2024-AVI-0311

Vulnerability from certfr_avis - Published: 2024-04-17 - Updated: 2024-04-17

De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 115.10
Mozilla	Thunderbird	Thunderbird versions antérieures à 115.10
Mozilla	Firefox	Firefox versions antérieures à 125

References

Title

Publication Time

CERTFR-2024-AVI-0337

Vulnerability from certfr_avis - Published: 2024-04-22 - Updated: 2024-04-22

De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Thunderbird versions antérieures à 115.10

References

Title

Publication Time

CNVD-2024-37196

Vulnerability from cnvd - Published: 2024-09-03

Title

多款Mozilla产品代码执行漏洞（CNVD-2024-37196）

Description

Mozilla Firefox是一款开源Web浏览器。Mozilla Firefox ESR是Firefox（Web浏览器）的一个延长支持版本。Mozilla Thunderbird是一套从Mozilla Application Suite独立出来的电子邮件客户端软件。多款Mozilla产品存在代码执行漏洞，该漏洞是由于错误优化switch语句后的越界读取造成的。攻击者可利用此漏洞在系统上执行任意代码或造成拒绝服务。

Severity

高

Patch Name

多款Mozilla产品代码执行漏洞（CNVD-2024-37196）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.mozilla.org/security/advisories/mfsa2024-18/
https://www.mozilla.org/security/advisories/mfsa2024-19/
https://www.mozilla.org/security/advisories/mfsa2024-20/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2024-3854

Impacted products

Name
['Mozilla Firefox ESR < 115.10', 'Mozilla Thunderbird < 115.10', 'Mozilla Firefox <125']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-3854",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-3854"
    }
  },
  "description": "Mozilla Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Mozilla Firefox ESR\u662fFirefox\uff08Web\u6d4f\u89c8\u5668\uff09\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002Mozilla Thunderbird\u662f\u4e00\u5957\u4eceMozilla Application Suite\u72ec\u7acb\u51fa\u6765\u7684\u7535\u5b50\u90ae\u4ef6\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002\n\n\u591a\u6b3eMozilla\u4ea7\u54c1\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u9519\u8bef\u4f18\u5316switch\u8bed\u53e5\u540e\u7684\u8d8a\u754c\u8bfb\u53d6\u9020\u6210\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.mozilla.org/security/advisories/mfsa2024-18/ \t\r\nhttps://www.mozilla.org/security/advisories/mfsa2024-19/ \t\r\nhttps://www.mozilla.org/security/advisories/mfsa2024-20/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-37196",
  "openTime": "2024-09-03",
  "patchDescription": "Mozilla Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Mozilla Firefox ESR\u662fFirefox\uff08Web\u6d4f\u89c8\u5668\uff09\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002Mozilla Thunderbird\u662f\u4e00\u5957\u4eceMozilla Application Suite\u72ec\u7acb\u51fa\u6765\u7684\u7535\u5b50\u90ae\u4ef6\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002\r\n\r\n\u591a\u6b3eMozilla\u4ea7\u54c1\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u9519\u8bef\u4f18\u5316switch\u8bed\u53e5\u540e\u7684\u8d8a\u754c\u8bfb\u53d6\u9020\u6210\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eMozilla\u4ea7\u54c1\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2024-37196\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mozilla Firefox ESR \u003c 115.10",
      "Mozilla Thunderbird \u003c 115.10",
      "Mozilla Firefox \u003c125"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2024-3854",
  "serverity": "\u9ad8",
  "submitTime": "2024-04-18",
  "title": "\u591a\u6b3eMozilla\u4ea7\u54c1\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2024-37196\uff09"
}

FKIE_CVE-2024-3854

Vulnerability from fkie_nvd - Published: 2024-04-16 16:15 - Updated: 2025-04-01 14:11

Severity

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1884552	Issue Tracking
security@mozilla.org	https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html	Mailing List, Third Party Advisory
security@mozilla.org	https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html	Mailing List, Third Party Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2024-18/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2024-19/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2024-20/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1884552	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2024-18/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2024-19/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2024-20/	Vendor Advisory

Impacted products

Vendor	Product	Version
mozilla	firefox	*
mozilla	firefox	*
mozilla	thunderbird	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
              "matchCriteriaId": "A9E787D0-BCFE-45BA-AC41-477D33CEBBE4",
              "versionEndExcluding": "115.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7334A1C6-C6BF-4C70-ADF1-736BCE0EA227",
              "versionEndExcluding": "125.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0E4DEC0-5D13-48E9-B6A5-2DC8F30785DE",
              "versionEndExcluding": "115.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10."
    },
    {
      "lang": "es",
      "value": "En algunos patrones de c\u00f3digo, el JIT optimiz\u00f3 incorrectamente las declaraciones de cambio y gener\u00f3 c\u00f3digo con lecturas fuera de los l\u00edmites. Esta vulnerabilidad afecta a Firefox \u0026lt; 125 y Firefox ESR \u0026lt; 115.10."
    }
  ],
  "id": "CVE-2024-3854",
  "lastModified": "2025-04-01T14:11:53.310",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-04-16T16:15:08.440",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1884552"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-18/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-19/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-20/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1884552"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-18/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-19/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-20/"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-XC66-Q4X2-CWQX

Vulnerability from github – Published: 2024-04-16 18:31 – Updated: 2024-07-03 18:34

Details

In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10.

Severity

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-3854"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-16T16:15:08Z",
    "severity": "HIGH"
  },
  "details": "In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox \u003c 125 and Firefox ESR \u003c 115.10.",
  "id": "GHSA-xc66-q4x2-cwqx",
  "modified": "2024-07-03T18:34:29Z",
  "published": "2024-04-16T18:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3854"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1884552"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-18"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-19"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-20"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2024-3854

Vulnerability from gsd - Updated: 2024-04-16 05:01

Details

In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10.

Aliases

CVE-2024-3854

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-3854"
      ],
      "details": "In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox \u003c 125 and Firefox ESR \u003c 115.10.",
      "id": "GSD-2024-3854",
      "modified": "2024-04-16T05:01:59.553281Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2024-3854",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Firefox",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "unspecified",
                          "version_value": "125"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox ESR",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "unspecified",
                          "version_value": "115.10"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Thunderbird",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "unspecified",
                          "version_value": "115.10"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Lukas Bernhard"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Out-of-bounds-read after mis-optimized switch statement"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1884552",
            "refsource": "MISC",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1884552"
          },
          {
            "name": "https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html",
            "refsource": "MISC",
            "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2024-18/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-18/"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2024-19/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-19/"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2024-20/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-20/"
          },
          {
            "name": "https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html",
            "refsource": "MISC",
            "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10."
          },
          {
            "lang": "es",
            "value": "En algunos patrones de c\u00f3digo, el JIT optimiz\u00f3 incorrectamente las declaraciones de cambio y gener\u00f3 c\u00f3digo con lecturas fuera de los l\u00edmites. Esta vulnerabilidad afecta a Firefox \u0026lt; 125 y Firefox ESR \u0026lt; 115.10."
          }
        ],
        "id": "CVE-2024-3854",
        "lastModified": "2024-04-22T10:15:07.470",
        "metrics": {},
        "published": "2024-04-16T16:15:08.440",
        "references": [
          {
            "source": "security@mozilla.org",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1884552"
          },
          {
            "source": "security@mozilla.org",
            "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html"
          },
          {
            "source": "security@mozilla.org",
            "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html"
          },
          {
            "source": "security@mozilla.org",
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-18/"
          },
          {
            "source": "security@mozilla.org",
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-19/"
          },
          {
            "source": "security@mozilla.org",
            "url": "https://www.mozilla.org/security/advisories/mfsa2024-20/"
          }
        ],
        "sourceIdentifier": "security@mozilla.org",
        "vulnStatus": "Awaiting Analysis"
      }
    }
  }
}

OPENSUSE-SU-2024:13884-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

MozillaThunderbird-115.10.1-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: MozillaThunderbird-115.10.1-1.1 on GA media

Description of the patch: These are all security issues fixed in the MozillaThunderbird-115.10.1-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-13884

CVE-2024-2609

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-3302

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-3852

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-3854

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-3857

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-3859

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-3861

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-3863

5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-3864

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64	—	Vendor Fix

Threats

Impact important

References

29 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2024-2609/	self
https://www.suse.com/security/cve/CVE-2024-3302/	self
https://www.suse.com/security/cve/CVE-2024-3852/	self
https://www.suse.com/security/cve/CVE-2024-3854/	self
https://www.suse.com/security/cve/CVE-2024-3857/	self
https://www.suse.com/security/cve/CVE-2024-3859/	self
https://www.suse.com/security/cve/CVE-2024-3861/	self
https://www.suse.com/security/cve/CVE-2024-3863/	self
https://www.suse.com/security/cve/CVE-2024-3864/	self
https://www.suse.com/security/cve/CVE-2024-2609	external
https://bugzilla.suse.com/1221327	external
https://www.suse.com/security/cve/CVE-2024-3302	external
https://bugzilla.suse.com/1222535	external
https://www.suse.com/security/cve/CVE-2024-3852	external
https://bugzilla.suse.com/1222535	external
https://www.suse.com/security/cve/CVE-2024-3854	external
https://bugzilla.suse.com/1222535	external
https://www.suse.com/security/cve/CVE-2024-3857	external
https://bugzilla.suse.com/1222535	external
https://www.suse.com/security/cve/CVE-2024-3859	external
https://bugzilla.suse.com/1222535	external
https://www.suse.com/security/cve/CVE-2024-3861	external
https://bugzilla.suse.com/1222535	external
https://www.suse.com/security/cve/CVE-2024-3863	external
https://bugzilla.suse.com/1222535	external
https://www.suse.com/security/cve/CVE-2024-3864	external
https://bugzilla.suse.com/1222535	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "MozillaThunderbird-115.10.1-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the MozillaThunderbird-115.10.1-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-13884",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13884-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-2609 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-2609/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3302 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3302/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3852 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3852/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3854 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3854/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3857 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3857/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3859 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3859/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3861 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3861/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3863 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3863/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3864 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3864/"
      }
    ],
    "title": "MozillaThunderbird-115.10.1-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:13884-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-115.10.1-1.1.aarch64",
                "product": {
                  "name": "MozillaThunderbird-115.10.1-1.1.aarch64",
                  "product_id": "MozillaThunderbird-115.10.1-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
                "product": {
                  "name": "MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
                  "product_id": "MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
                "product": {
                  "name": "MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
                  "product_id": "MozillaThunderbird-translations-common-115.10.1-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
                "product": {
                  "name": "MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
                  "product_id": "MozillaThunderbird-translations-other-115.10.1-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-115.10.1-1.1.ppc64le",
                "product": {
                  "name": "MozillaThunderbird-115.10.1-1.1.ppc64le",
                  "product_id": "MozillaThunderbird-115.10.1-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
                "product": {
                  "name": "MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
                  "product_id": "MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
                "product": {
                  "name": "MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
                  "product_id": "MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
                "product": {
                  "name": "MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
                  "product_id": "MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-115.10.1-1.1.s390x",
                "product": {
                  "name": "MozillaThunderbird-115.10.1-1.1.s390x",
                  "product_id": "MozillaThunderbird-115.10.1-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
                "product": {
                  "name": "MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
                  "product_id": "MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
                "product": {
                  "name": "MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
                  "product_id": "MozillaThunderbird-translations-common-115.10.1-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
                "product": {
                  "name": "MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
                  "product_id": "MozillaThunderbird-translations-other-115.10.1-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-115.10.1-1.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-115.10.1-1.1.x86_64",
                  "product_id": "MozillaThunderbird-115.10.1-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
                  "product_id": "MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
                  "product_id": "MozillaThunderbird-translations-common-115.10.1-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-115.10.1-1.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-translations-other-115.10.1-1.1.x86_64",
                  "product_id": "MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-115.10.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64"
        },
        "product_reference": "MozillaThunderbird-115.10.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-115.10.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le"
        },
        "product_reference": "MozillaThunderbird-115.10.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-115.10.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x"
        },
        "product_reference": "MozillaThunderbird-115.10.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-115.10.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-115.10.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64"
        },
        "product_reference": "MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le"
        },
        "product_reference": "MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x"
        },
        "product_reference": "MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-115.10.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64"
        },
        "product_reference": "MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le"
        },
        "product_reference": "MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-115.10.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x"
        },
        "product_reference": "MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-115.10.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-115.10.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64"
        },
        "product_reference": "MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le"
        },
        "product_reference": "MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-115.10.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x"
        },
        "product_reference": "MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-115.10.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-translations-other-115.10.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-2609",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-2609"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-2609",
          "url": "https://www.suse.com/security/cve/CVE-2024-2609"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1221327 for CVE-2024-2609",
          "url": "https://bugzilla.suse.com/1221327"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-2609"
    },
    {
      "cve": "CVE-2024-3302",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3302"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3302",
          "url": "https://www.suse.com/security/cve/CVE-2024-3302"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222535 for CVE-2024-3302",
          "url": "https://bugzilla.suse.com/1222535"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-3302"
    },
    {
      "cve": "CVE-2024-3852",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3852"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3852",
          "url": "https://www.suse.com/security/cve/CVE-2024-3852"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222535 for CVE-2024-3852",
          "url": "https://bugzilla.suse.com/1222535"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-3852"
    },
    {
      "cve": "CVE-2024-3854",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3854"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3854",
          "url": "https://www.suse.com/security/cve/CVE-2024-3854"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222535 for CVE-2024-3854",
          "url": "https://bugzilla.suse.com/1222535"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-3854"
    },
    {
      "cve": "CVE-2024-3857",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3857"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3857",
          "url": "https://www.suse.com/security/cve/CVE-2024-3857"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222535 for CVE-2024-3857",
          "url": "https://bugzilla.suse.com/1222535"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-3857"
    },
    {
      "cve": "CVE-2024-3859",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3859"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3859",
          "url": "https://www.suse.com/security/cve/CVE-2024-3859"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222535 for CVE-2024-3859",
          "url": "https://bugzilla.suse.com/1222535"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-3859"
    },
    {
      "cve": "CVE-2024-3861",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3861"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3861",
          "url": "https://www.suse.com/security/cve/CVE-2024-3861"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222535 for CVE-2024-3861",
          "url": "https://bugzilla.suse.com/1222535"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-3861"
    },
    {
      "cve": "CVE-2024-3863",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3863"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The executable file warning was not presented when downloading .xrm-ms files.  \n*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3863",
          "url": "https://www.suse.com/security/cve/CVE-2024-3863"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222535 for CVE-2024-3863",
          "url": "https://bugzilla.suse.com/1222535"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-3863"
    },
    {
      "cve": "CVE-2024-3864",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3864"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3864",
          "url": "https://www.suse.com/security/cve/CVE-2024-3864"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222535 for CVE-2024-3864",
          "url": "https://bugzilla.suse.com/1222535"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-115.10.1-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-115.10.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-3864"
    }
  ]
}

OPENSUSE-SU-2024:13907-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

MozillaFirefox-125.0.2-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: MozillaFirefox-125.0.2-1.1 on GA media

Description of the patch: These are all security issues fixed in the MozillaFirefox-125.0.2-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-13907

CVE-2024-3302

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-3852

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-3853

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-3854

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-3855

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-3856

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-3857

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-3858

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-3859

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-3860

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-3861

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-3862

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-3863

5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-3864

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2024-3865

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64	—	Vendor Fix

Threats

Impact important

References

47 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2024-3302/	self
https://www.suse.com/security/cve/CVE-2024-3852/	self
https://www.suse.com/security/cve/CVE-2024-3853/	self
https://www.suse.com/security/cve/CVE-2024-3854/	self
https://www.suse.com/security/cve/CVE-2024-3855/	self
https://www.suse.com/security/cve/CVE-2024-3856/	self
https://www.suse.com/security/cve/CVE-2024-3857/	self
https://www.suse.com/security/cve/CVE-2024-3858/	self
https://www.suse.com/security/cve/CVE-2024-3859/	self
https://www.suse.com/security/cve/CVE-2024-3860/	self
https://www.suse.com/security/cve/CVE-2024-3861/	self
https://www.suse.com/security/cve/CVE-2024-3862/	self
https://www.suse.com/security/cve/CVE-2024-3863/	self
https://www.suse.com/security/cve/CVE-2024-3864/	self
https://www.suse.com/security/cve/CVE-2024-3865/	self
https://www.suse.com/security/cve/CVE-2024-3302	external
https://bugzilla.suse.com/1222535	external
https://www.suse.com/security/cve/CVE-2024-3852	external
https://bugzilla.suse.com/1222535	external
https://www.suse.com/security/cve/CVE-2024-3853	external
https://bugzilla.suse.com/1222535	external
https://www.suse.com/security/cve/CVE-2024-3854	external
https://bugzilla.suse.com/1222535	external
https://www.suse.com/security/cve/CVE-2024-3855	external
https://bugzilla.suse.com/1222535	external
https://www.suse.com/security/cve/CVE-2024-3856	external
https://bugzilla.suse.com/1222535	external
https://www.suse.com/security/cve/CVE-2024-3857	external
https://bugzilla.suse.com/1222535	external
https://www.suse.com/security/cve/CVE-2024-3858	external
https://bugzilla.suse.com/1222535	external
https://www.suse.com/security/cve/CVE-2024-3859	external
https://bugzilla.suse.com/1222535	external
https://www.suse.com/security/cve/CVE-2024-3860	external
https://bugzilla.suse.com/1222535	external
https://www.suse.com/security/cve/CVE-2024-3861	external
https://bugzilla.suse.com/1222535	external
https://www.suse.com/security/cve/CVE-2024-3862	external
https://bugzilla.suse.com/1222535	external
https://www.suse.com/security/cve/CVE-2024-3863	external
https://bugzilla.suse.com/1222535	external
https://www.suse.com/security/cve/CVE-2024-3864	external
https://bugzilla.suse.com/1222535	external
https://www.suse.com/security/cve/CVE-2024-3865	external
https://bugzilla.suse.com/1222535	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "MozillaFirefox-125.0.2-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the MozillaFirefox-125.0.2-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-13907",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13907-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3302 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3302/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3852 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3852/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3853 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3853/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3854 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3854/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3855 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3855/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3856 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3856/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3857 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3857/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3858 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3858/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3859 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3859/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3860 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3860/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3861 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3861/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3862 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3862/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3863 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3863/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3864 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3864/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3865 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3865/"
      }
    ],
    "title": "MozillaFirefox-125.0.2-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:13907-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-125.0.2-1.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-125.0.2-1.1.aarch64",
                  "product_id": "MozillaFirefox-125.0.2-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
                  "product_id": "MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-devel-125.0.2-1.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-devel-125.0.2-1.1.aarch64",
                  "product_id": "MozillaFirefox-devel-125.0.2-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
                  "product_id": "MozillaFirefox-translations-common-125.0.2-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
                "product": {
                  "name": "MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
                  "product_id": "MozillaFirefox-translations-other-125.0.2-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-125.0.2-1.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-125.0.2-1.1.ppc64le",
                  "product_id": "MozillaFirefox-125.0.2-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
                  "product_id": "MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-devel-125.0.2-1.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-devel-125.0.2-1.1.ppc64le",
                  "product_id": "MozillaFirefox-devel-125.0.2-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
                  "product_id": "MozillaFirefox-translations-common-125.0.2-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
                "product": {
                  "name": "MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
                  "product_id": "MozillaFirefox-translations-other-125.0.2-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-125.0.2-1.1.s390x",
                "product": {
                  "name": "MozillaFirefox-125.0.2-1.1.s390x",
                  "product_id": "MozillaFirefox-125.0.2-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
                  "product_id": "MozillaFirefox-branding-upstream-125.0.2-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-devel-125.0.2-1.1.s390x",
                "product": {
                  "name": "MozillaFirefox-devel-125.0.2-1.1.s390x",
                  "product_id": "MozillaFirefox-devel-125.0.2-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-125.0.2-1.1.s390x",
                "product": {
                  "name": "MozillaFirefox-translations-common-125.0.2-1.1.s390x",
                  "product_id": "MozillaFirefox-translations-common-125.0.2-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-125.0.2-1.1.s390x",
                "product": {
                  "name": "MozillaFirefox-translations-other-125.0.2-1.1.s390x",
                  "product_id": "MozillaFirefox-translations-other-125.0.2-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaFirefox-125.0.2-1.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-125.0.2-1.1.x86_64",
                  "product_id": "MozillaFirefox-125.0.2-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
                  "product_id": "MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-devel-125.0.2-1.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-devel-125.0.2-1.1.x86_64",
                  "product_id": "MozillaFirefox-devel-125.0.2-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
                  "product_id": "MozillaFirefox-translations-common-125.0.2-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaFirefox-translations-other-125.0.2-1.1.x86_64",
                "product": {
                  "name": "MozillaFirefox-translations-other-125.0.2-1.1.x86_64",
                  "product_id": "MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-125.0.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64"
        },
        "product_reference": "MozillaFirefox-125.0.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-125.0.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le"
        },
        "product_reference": "MozillaFirefox-125.0.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-125.0.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x"
        },
        "product_reference": "MozillaFirefox-125.0.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-125.0.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64"
        },
        "product_reference": "MozillaFirefox-125.0.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64"
        },
        "product_reference": "MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le"
        },
        "product_reference": "MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-branding-upstream-125.0.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x"
        },
        "product_reference": "MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64"
        },
        "product_reference": "MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-125.0.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64"
        },
        "product_reference": "MozillaFirefox-devel-125.0.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-125.0.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le"
        },
        "product_reference": "MozillaFirefox-devel-125.0.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-125.0.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x"
        },
        "product_reference": "MozillaFirefox-devel-125.0.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-devel-125.0.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64"
        },
        "product_reference": "MozillaFirefox-devel-125.0.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-125.0.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64"
        },
        "product_reference": "MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-125.0.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le"
        },
        "product_reference": "MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-125.0.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x"
        },
        "product_reference": "MozillaFirefox-translations-common-125.0.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-common-125.0.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64"
        },
        "product_reference": "MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-other-125.0.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64"
        },
        "product_reference": "MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-other-125.0.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le"
        },
        "product_reference": "MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-other-125.0.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x"
        },
        "product_reference": "MozillaFirefox-translations-other-125.0.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaFirefox-translations-other-125.0.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
        },
        "product_reference": "MozillaFirefox-translations-other-125.0.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-3302",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3302"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3302",
          "url": "https://www.suse.com/security/cve/CVE-2024-3302"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222535 for CVE-2024-3302",
          "url": "https://bugzilla.suse.com/1222535"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-3302"
    },
    {
      "cve": "CVE-2024-3852",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3852"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3852",
          "url": "https://www.suse.com/security/cve/CVE-2024-3852"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222535 for CVE-2024-3852",
          "url": "https://bugzilla.suse.com/1222535"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-3852"
    },
    {
      "cve": "CVE-2024-3853",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3853"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started. This vulnerability affects Firefox \u003c 125.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3853",
          "url": "https://www.suse.com/security/cve/CVE-2024-3853"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222535 for CVE-2024-3853",
          "url": "https://bugzilla.suse.com/1222535"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-3853"
    },
    {
      "cve": "CVE-2024-3854",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3854"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3854",
          "url": "https://www.suse.com/security/cve/CVE-2024-3854"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222535 for CVE-2024-3854",
          "url": "https://bugzilla.suse.com/1222535"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-3854"
    },
    {
      "cve": "CVE-2024-3855",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3855"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads. This vulnerability affects Firefox \u003c 125.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3855",
          "url": "https://www.suse.com/security/cve/CVE-2024-3855"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222535 for CVE-2024-3855",
          "url": "https://bugzilla.suse.com/1222535"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-3855"
    },
    {
      "cve": "CVE-2024-3856",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3856"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free could occur during WASM execution if garbage collection ran during the creation of an array. This vulnerability affects Firefox \u003c 125.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3856",
          "url": "https://www.suse.com/security/cve/CVE-2024-3856"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222535 for CVE-2024-3856",
          "url": "https://bugzilla.suse.com/1222535"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-3856"
    },
    {
      "cve": "CVE-2024-3857",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3857"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3857",
          "url": "https://www.suse.com/security/cve/CVE-2024-3857"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222535 for CVE-2024-3857",
          "url": "https://bugzilla.suse.com/1222535"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-3857"
    },
    {
      "cve": "CVE-2024-3858",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3858"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox \u003c 125.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3858",
          "url": "https://www.suse.com/security/cve/CVE-2024-3858"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222535 for CVE-2024-3858",
          "url": "https://bugzilla.suse.com/1222535"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-3858"
    },
    {
      "cve": "CVE-2024-3859",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3859"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3859",
          "url": "https://www.suse.com/security/cve/CVE-2024-3859"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222535 for CVE-2024-3859",
          "url": "https://bugzilla.suse.com/1222535"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-3859"
    },
    {
      "cve": "CVE-2024-3860",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3860"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An out-of-memory condition during object initialization could result in an empty shape list. If the JIT subsequently traced the object it would crash. This vulnerability affects Firefox \u003c 125.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3860",
          "url": "https://www.suse.com/security/cve/CVE-2024-3860"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222535 for CVE-2024-3860",
          "url": "https://bugzilla.suse.com/1222535"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-3860"
    },
    {
      "cve": "CVE-2024-3861",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3861"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3861",
          "url": "https://www.suse.com/security/cve/CVE-2024-3861"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222535 for CVE-2024-3861",
          "url": "https://bugzilla.suse.com/1222535"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-3861"
    },
    {
      "cve": "CVE-2024-3862",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3862"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it were used in a self-assignment. This vulnerability affects Firefox \u003c 125.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3862",
          "url": "https://www.suse.com/security/cve/CVE-2024-3862"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222535 for CVE-2024-3862",
          "url": "https://bugzilla.suse.com/1222535"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-3862"
    },
    {
      "cve": "CVE-2024-3863",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3863"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The executable file warning was not presented when downloading .xrm-ms files.  \n*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3863",
          "url": "https://www.suse.com/security/cve/CVE-2024-3863"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222535 for CVE-2024-3863",
          "url": "https://bugzilla.suse.com/1222535"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-3863"
    },
    {
      "cve": "CVE-2024-3864",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3864"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 125, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3864",
          "url": "https://www.suse.com/security/cve/CVE-2024-3864"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222535 for CVE-2024-3864",
          "url": "https://bugzilla.suse.com/1222535"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-3864"
    },
    {
      "cve": "CVE-2024-3865",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3865"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs present in Firefox 124. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 125.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
          "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3865",
          "url": "https://www.suse.com/security/cve/CVE-2024-3865"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222535 for CVE-2024-3865",
          "url": "https://bugzilla.suse.com/1222535"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-devel-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-common-125.0.2-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.s390x",
            "openSUSE Tumbleweed:MozillaFirefox-translations-other-125.0.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-3865"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-3854 (GCVE-0-2024-3854)

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Solution

Solution

Tags

Sightings

Nomenclature